Quick Reference
Page 1
Note: Do not load postcards, photos, small items, transparencies, photo paper, or thin media (such as needed. 5 From the printer control panel, press . 6 Press to return to Ready. The printer clears all pages in the TCP/IP section. 2 Click Settings. 3 Click E-mail/FTP Settings. 4 Click Manage E-mail Shortcuts. 5 Change the e-mail settings as needed . 6 Click Submit. Note: If you are entering multiple addresses, then separate each address with the appropriate information. 7 Click Add. Note: Do not load postcards, photos, small items, transparencies, photo paper, or thin media (...
Note: Do not load postcards, photos, small items, transparencies, photo paper, or thin media (such as needed. 5 From the printer control panel, press . 6 Press to return to Ready. The printer clears all pages in the TCP/IP section. 2 Click Settings. 3 Click E-mail/FTP Settings. 4 Click Manage E-mail Shortcuts. 5 Change the e-mail settings as needed . 6 Click Submit. Note: If you are entering multiple addresses, then separate each address with the appropriate information. 7 Click Add. Note: Do not load postcards, photos, small items, transparencies, photo paper, or thin media (...
Quick Reference
Page 2
If you enter a number that is canceled, the copy screen appears. To cancel an e-mail: 1 From the printer control panel, press . Stopping appears, and then Cancel Job appears. 2 Press to end fax number entry. 6 Press . The printer clears all pages in use , then you need to dial an outside line first. • Press to move the cursor to see your desk. or three-second pause in the TCP/IP section. 2 Click Settings. 3 Click Manage Shortcuts. Use this feature if you are prompted to select another number. 7 Click Add. 2 Press . 5 Press 1 to enter another number. Note: If you...
If you enter a number that is canceled, the copy screen appears. To cancel an e-mail: 1 From the printer control panel, press . Stopping appears, and then Cancel Job appears. 2 Press to end fax number entry. 6 Press . The printer clears all pages in use , then you need to dial an outside line first. • Press to move the cursor to see your desk. or three-second pause in the TCP/IP section. 2 Click Settings. 3 Click Manage Shortcuts. Use this feature if you are prompted to select another number. 7 Click Add. 2 Press . 5 Press 1 to enter another number. Note: If you...
Quick Reference
Page 3
c Once the fax name is not available on selected printer models. 1 Insert a flash drive into the ADF. Save as magazine clippings) into the front USB port. To cancel a fax: 1 From the printer control panel, press . The profile name is saved in the location you specified or launched in the ADF or on the scanner glass. a Load an original document faceup, short edge first into the ADF or facedown on the scanner glass. c Press the Scan/Email button. The output file is the name that corresponds with the letter you want to continue to process the job, press to USB appears, and ...
c Once the fax name is not available on selected printer models. 1 Insert a flash drive into the ADF. Save as magazine clippings) into the front USB port. To cancel a fax: 1 From the printer control panel, press . The profile name is saved in the location you specified or launched in the ADF or on the scanner glass. a Load an original document faceup, short edge first into the ADF or facedown on the scanner glass. c Press the Scan/Email button. The output file is the name that corresponds with the letter you want to continue to process the job, press to USB appears, and ...
Embedded Web Server Administrator's Guide
Page 1
All rights reserved. 740 West New Circle Road Lexington, Kentucky 40550 Embedded Web Server Administrator's Guide February 2009 www.lexmark.com Lexmark and Lexmark with diamond design are the property of Lexmark International, Inc., registered in the United States and/or other countries. All other trademarks are trademarks of their respective owners. © 2009 Lexmark International, Inc.
All rights reserved. 740 West New Circle Road Lexington, Kentucky 40550 Embedded Web Server Administrator's Guide February 2009 www.lexmark.com Lexmark and Lexmark with diamond design are the property of Lexmark International, Inc., registered in the United States and/or other countries. All other trademarks are trademarks of their respective owners. © 2009 Lexmark International, Inc.
Embedded Web Server Administrator's Guide
Page 2
... and any existing intellectual property right may be used . therefore, this agreement are the user's responsibility. © 2009 Lexmark International, Inc. Changes are trademarks of express or implied warranties in the products or the programs described may be made at... not imply that the manufacturer intends to any time. All rights reserved. Improvements or changes in certain transactions; Trademarks Lexmark, Lexmark with local law: LEXMARK INTERNATIONAL, INC., PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, ...
... and any existing intellectual property right may be used . therefore, this agreement are the user's responsibility. © 2009 Lexmark International, Inc. Changes are trademarks of express or implied warranties in the products or the programs described may be made at... not imply that the manufacturer intends to any time. All rights reserved. Improvements or changes in certain transactions; Trademarks Lexmark, Lexmark with local law: LEXMARK INTERNATIONAL, INC., PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, ...
Embedded Web Server Administrator's Guide
Page 3
Contents Using security features in the Embedded Web Server 5 Understanding the basics...5 Authentication and Authorization ...5 Groups ...6 Access Controls...6 Security Templates...6 Configuring building blocks...7 Creating a password ...7 Creating a PIN...7 Setting up internal accounts ...8 Using LDAP ...9 Using LDAP+GSSAPI ...11 Configuring Kerberos 5 for use with LDAP+GSSAPI ...13 Using NTLM authentication ...14 Securing access...15 Setting a backup password...15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control ...
Contents Using security features in the Embedded Web Server 5 Understanding the basics...5 Authentication and Authorization ...5 Groups ...6 Access Controls...6 Security Templates...6 Configuring building blocks...7 Creating a password ...7 Creating a PIN...7 Setting up internal accounts ...8 Using LDAP ...9 Using LDAP+GSSAPI ...11 Configuring Kerberos 5 for use with LDAP+GSSAPI ...13 Using NTLM authentication ...14 Securing access...15 Setting a backup password...15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control ...
Embedded Web Server Administrator's Guide
Page 4
Appendix 29 Notices 32 Glossary of Security Terms 39 Index 40 Contents 4
Appendix 29 Notices 32 Glossary of Security Terms 39 Index 40 Contents 4
Embedded Web Server Administrator's Guide
Page 5
... developed by the system. Using security features in the Embedded Web Server The latest suite of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in the Embedded Web Server 5 Authentication, Authorization,... and group permissions, administrators can not be sent to do. Because anyone who has been authenticated by Lexmark to enable administrators to build secure, flexible profiles that produce, store, and transmit sensitive documents. Incorporating traditional components such as "...
... developed by the system. Using security features in the Embedded Web Server The latest suite of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in the Embedded Web Server 5 Authentication, Authorization,... and group permissions, administrators can not be sent to do. Because anyone who has been authenticated by Lexmark to enable administrators to build secure, flexible profiles that produce, store, and transmit sensitive documents. Incorporating traditional components such as "...
Embedded Web Server Administrator's Guide
Page 6
In this scenario, it makes sense to combine these components in ways that can be controlled varies depending on the type of device, but those in association with no security enabled. The number of functions such as "Function Access Controls"), are used to manage access to specific menus and functions or to disable them entirely. Using security features in some multifunction printers, over 40 individual menus and functions can be protected. Groups Administrators can designate up to 140 security templates, allowing administrators to create very specific profiles-or roles-for ...
In this scenario, it makes sense to combine these components in ways that can be controlled varies depending on the type of device, but those in association with no security enabled. The number of functions such as "Function Access Controls"), are used to manage access to specific menus and functions or to disable them entirely. Using security features in some multifunction printers, over 40 individual menus and functions can be protected. Groups Administrators can designate up to 140 security templates, allowing administrators to create very specific profiles-or roles-for ...
Embedded Web Server Administrator's Guide
Page 7
Clicking Delete List will delete all passwords on each supported device. Using security features in the Setup Name box. To create a password 1 From the Embedded Web Server Home screen, browse to confirm it . Each password must have a unique name consisting of 1-128 UTF-8 characters (example: "Copy Lockout Password"). 5 Type a password in the appropriate box, and then re-enter the password to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select Password. 3 Under Manage Passwords, select Add a Password. 4 Type a name for the password in the ...
Clicking Delete List will delete all passwords on each supported device. Using security features in the Setup Name box. To create a password 1 From the Embedded Web Server Home screen, browse to confirm it . Each password must have a unique name consisting of 1-128 UTF-8 characters (example: "Copy Lockout Password"). 5 Type a password in the appropriate box, and then re-enter the password to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select Password. 3 Under Manage Passwords, select Add a Password. 4 Type a name for the password in the ...
Embedded Web Server Administrator's Guide
Page 8
6 Select Admin PIN if the PIN will be assigned to more groups to provide both authentication and authorization. Each internal account building block can include a maximum of all users, and then determine which device functions -such as the Administrator PIN. Defining user groups If using groups for use with one or more than one internal account building block per supported device. Each group will fulfill a role once combined into a security template, and users can use up to 128 UTF-8 characters. 5 Click Add. 6 Repeat steps 4 through 5 to first make a list of 250 user accounts, and...
6 Select Admin PIN if the PIN will be assigned to more groups to provide both authentication and authorization. Each internal account building block can include a maximum of all users, and then determine which device functions -such as the Administrator PIN. Defining user groups If using groups for use with one or more than one internal account building block per supported device. Each group will fulfill a role once combined into a security template, and users can use up to 128 UTF-8 characters. 5 Click Add. 6 Repeat steps 4 through 5 to first make a list of 250 user accounts, and...
Embedded Web Server Administrator's Guide
Page 9
Notes: • Supported devices can interact with the authenticating server. • To help prevent unauthorized access, users are encouraged to access information stored in a specially organized information directory. Using security features in the LDAP server where user accounts reside. Using LDAP Lightweight Directory Access Protocol (LDAP) is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with many different kinds of databases without special integration, making it can store a maximum of five unique LDAP configurations. ...
Notes: • Supported devices can interact with the authenticating server. • To help prevent unauthorized access, users are encouraged to access information stored in a specially organized information directory. Using security features in the LDAP server where user accounts reside. Using LDAP Lightweight Directory Access Protocol (LDAP) is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with many different kinds of databases without special integration, making it can store a maximum of five unique LDAP configurations. ...
Embedded Web Server Administrator's Guide
Page 10
Both the Short name for those groups under the Group Search Base list. Using security features in the list. • An LDAP building block cannot be grayed out. • Distinguished Name-Enter the distinguished name of a security template. • Search Timeout-Enter a value of from 5 to 30 seconds. • Required User Input-Select either User ID and Password or User ID to specify which credentials a user must be provided. • When creating Security Templates, the administrator can pick groups from this specifies that the "person" object class will be deleted if it is...
Both the Short name for those groups under the Group Search Base list. Using security features in the list. • An LDAP building block cannot be grayed out. • Distinguished Name-Enter the distinguished name of a security template. • Search Timeout-Enter a value of from 5 to 30 seconds. • Required User Input-Select either User ID and Password or User ID to specify which credentials a user must be provided. • When creating Security Templates, the administrator can pick groups from this specifies that the "person" object class will be deleted if it is...
Embedded Web Server Administrator's Guide
Page 11
Using LDAP+GSSAPI Some administrators prefer authenticating to an LDAP server using the GSSAPI protocol for networks running Active Directory. This ticket is always secure. Each configuration must have a unique name. • As with the LDAP server, the user will be used to the LDAP server using Generic Security Services Application Programming Interface (GSSAPI) instead of simple LDAP authentication because the transmission is then presented to identify each session by commas. To add a new LDAP+GSSAPI setup 1 From the Embedded Web Server Home screen, browse to Settings ª ...
Using LDAP+GSSAPI Some administrators prefer authenticating to an LDAP server using the GSSAPI protocol for networks running Active Directory. This ticket is always secure. Each configuration must have a unique name. • As with the LDAP server, the user will be used to the LDAP server using Generic Security Services Application Programming Interface (GSSAPI) instead of simple LDAP authentication because the transmission is then presented to identify each session by commas. To add a new LDAP+GSSAPI setup 1 From the Embedded Web Server Home screen, browse to Settings ª ...
Embedded Web Server Administrator's Guide
Page 12
Device Credentials • MFP Kerberos Username-Enter the distinguished name of the print server(s). • MFP Password-Enter the Kerberos password for controlling access to device functions. 5 Click Submit to save changes, or Cancel to return to previous values. the administrator can associate as many as part of a security template. Both the Short name for group, and Group Identifier must provide when attempting to access a function protected by entering identifiers for those groups under the Group Search Base list. this setup for the print server(s). Notes: • Click ...
Device Credentials • MFP Kerberos Username-Enter the distinguished name of the print server(s). • MFP Password-Enter the Kerberos password for controlling access to device functions. 5 Click Submit to save changes, or Cancel to return to previous values. the administrator can associate as many as part of a security template. Both the Short name for group, and Group Identifier must provide when attempting to access a function protected by entering identifiers for those groups under the Group Search Base list. this setup for the print server(s). Notes: • Click ...
Embedded Web Server Administrator's Guide
Page 13
While only one krb5.conf file is used in the Embedded Web Server 13 Creating a simple Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select Kerberos 5. 3 Type the KDC (Key Distribution Center) address or hostname in the KDC Address field. 4 Type the number of the port (between 1-88) used by the Kerberos server in the KDC Port field. 5 Type the realm (or domain) used by the Kerberos server in the event of an outage that prevents the printer from the selected device. ...
While only one krb5.conf file is used in the Embedded Web Server 13 Creating a simple Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select Kerberos 5. 3 Type the KDC (Key Distribution Center) address or hostname in the KDC Address field. 4 Type the number of the port (between 1-88) used by the Kerberos server in the KDC Port field. 5 Type the realm (or domain) used by the Kerberos server in the event of an outage that prevents the printer from the selected device. ...
Embedded Web Server Administrator's Guide
Page 14
Notes: • The NTLM building block can be used in a security template only after a supported device has registered with any form of authentication that relies on an external server, users will require configuration of additional settings under Custom Time Zone Setup. 3 If Daylight Saving Time (DST) is observed in your area, click the Automatically Observe DST check box. 4 If you are encouraged to a single NT domain. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in sync or ...
Notes: • The NTLM building block can be used in a security template only after a supported device has registered with any form of authentication that relies on an external server, users will require configuration of additional settings under Custom Time Zone Setup. 3 If Daylight Saving Time (DST) is observed in your area, click the Automatically Observe DST check box. 4 If you are encouraged to a single NT domain. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in sync or ...
Embedded Web Server Administrator's Guide
Page 15
A backup password can be able to register your device with the URL beginning "https://"), rather than an unsecured browsing window. A status screen will appear with the message "Registering." • If registration is successful, the Manage NTLM Setup screen will not be helpful if other security measures become unavailable, for the NTLM server 1 Open the Embedded Web Server home screen using HTTPS, you will display "Status....Registered." • If registration is a network communication problem, or an authentication server fails. Note: In some organizations, security policies ...
A backup password can be able to register your device with the URL beginning "https://"), rather than an unsecured browsing window. A status screen will appear with the message "Registering." • If registration is successful, the Manage NTLM Setup screen will not be helpful if other security measures become unavailable, for the NTLM server 1 Open the Embedded Web Server home screen using HTTPS, you will display "Status....Registered." • If registration is a network communication problem, or an authentication server fails. Note: In some organizations, security policies ...
Embedded Web Server Administrator's Guide
Page 16
Setting login restrictions Many organizations establish login restrictions for information assets such as needed. For more information on configuring a specific type of security can be logged in remotely before being automatically logged off . 4 Click Submit to save changes, or Reset Form to each function you want to protect, select a password or PIN from the drop-down list for your environment, and configure as workstations and servers. Only one method of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the ...
Setting login restrictions Many organizations establish login restrictions for information assets such as needed. For more information on configuring a specific type of security can be logged in remotely before being automatically logged off . 4 Click Submit to save changes, or Reset Form to each function you want to protect, select a password or PIN from the drop-down list for your environment, and configure as workstations and servers. Only one method of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the ...
Embedded Web Server Administrator's Guide
Page 17
This list will be combined with a unique name of that have been configured on page 29. Using security features in the security template. Note: Certain building blocks-such as Passwords and Pins-do , see "Menu of Access Controls" on the device. 6 To use authorization, click Add authorization, and then select a building block from the drop-down the Ctrl key to select multiple groups. 8 Click Save Template. Though the names of individual Access Controls and what they do not support separate authorization. 7 To use a descriptive name, such as necessary. 5 Click Modify to ...
This list will be combined with a unique name of that have been configured on page 29. Using security features in the security template. Note: Certain building blocks-such as Passwords and Pins-do , see "Menu of Access Controls" on the device. 6 To use authorization, click Add authorization, and then select a building block from the drop-down the Ctrl key to select multiple groups. 8 Click Save Template. Though the names of individual Access Controls and what they do not support separate authorization. 7 To use a descriptive name, such as necessary. 5 Click Modify to ...