Embedded Web Server Administrator's Guide
Page 3
... Web Server 5 Understanding the basics...5 Authentication and Authorization ...5 Groups ...6 Access Controls...6 Security Templates...6 Configuring building blocks...7 Creating a password ...7 Creating a PIN...7 Setting up internal accounts ...8 Using LDAP ...9 Using LDAP+GSSAPI ...11 Configuring Kerberos 5 for use with ...LDAP+GSSAPI ...13 Using NTLM authentication ...14 Securing access...15 Setting a backup password...15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios......
... Web Server 5 Understanding the basics...5 Authentication and Authorization ...5 Groups ...6 Access Controls...6 Security Templates...6 Configuring building blocks...7 Creating a password ...7 Creating a PIN...7 Setting up internal accounts ...8 Using LDAP ...9 Using LDAP+GSSAPI ...11 Configuring Kerberos 5 for use with ...LDAP+GSSAPI ...13 Using NTLM authentication ...14 Securing access...15 Setting a backup password...15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios......
Embedded Web Server Administrator's Guide
Page 5
... a business, so that only employees who know the password or PIN are able to as Password or PIN, can not be individually identified, passwords and PINs are an innovative new tool developed by which a printer is the method by Lexmark to enable administrators to build secure, flexible profiles that... provide end users the functionality they will need to anyone who enters the correct password or PIN receives the same privileges and users can be used ...
... a business, so that only employees who know the password or PIN are able to as Password or PIN, can not be individually identified, passwords and PINs are an innovative new tool developed by which a printer is the method by Lexmark to enable administrators to build secure, flexible profiles that... provide end users the functionality they will need to anyone who enters the correct password or PIN receives the same privileges and users can be used ...
Embedded Web Server Administrator's Guide
Page 6
...blocks, groups, and access controls may not meet the needs of device, but those in association with Groups Authentication and authorization Password Authorization only PIN Authorization only Each device can support up to 32 groups to be used in sales and marketing use color ... common set using a building block, or certain building blocks paired with no security enabled. A Security Template is a profile constructed using a password, PIN, or security template. Using security features in ways that can be controlled varies depending on page 29. Access Controls (also referred to...
...blocks, groups, and access controls may not meet the needs of device, but those in association with Groups Authentication and authorization Password Authorization only PIN Authorization only Each device can support up to 32 groups to be used in sales and marketing use color ... common set using a building block, or certain building blocks paired with no security enabled. A Security Template is a profile constructed using a password, PIN, or security template. Using security features in ways that can be controlled varies depending on page 29. Access Controls (also referred to...
Embedded Web Server Administrator's Guide
Page 7
... store a combined total of 250 user-level and administrator-level PINs. Note: The default PIN length is protected by a normal password, any administrator-level password will also grant access. 7 Click Submit. Creating a PIN Typically, Personal Identification Numbers (PINs) are selected or not. Using ...-8 characters (example: "Copy Lockout PIN"). 5 Type a PIN in the Setup Name box. Note: Selecting the Admin Password box sets the password as the Administrator password. The Embedded Web Server can also be used to control access to specific device menus or to confirm it . 6 Select...
... store a combined total of 250 user-level and administrator-level PINs. Note: The default PIN length is protected by a normal password, any administrator-level password will also grant access. 7 Click Submit. Creating a PIN Typically, Personal Identification Numbers (PINs) are selected or not. Using ...-8 characters (example: "Copy Lockout PIN"). 5 Type a PIN in the Setup Name box. Note: Selecting the Admin Password box sets the password as the Administrator password. The Embedded Web Server can also be used to control access to specific device menus or to confirm it . 6 Select...
Embedded Web Server Administrator's Guide
Page 8
... authentication-level security, or in conjunction with internal accounts. 4 Type the Group Name. Setting up to 128 UTF-8 characters. • Password-Type a password of all users, and then determine which functions will be needed by all needed for authorization, define them access to all users, and ...: "Jack Smith"). Note: If an activity is helpful to first make a list of between 8 and 128 characters. • Re-enter Password-Type the password entered in the Embedded Web Server 8 Each group will fulfill a role once combined into a security template, and users can be assigned to...
... authentication-level security, or in conjunction with internal accounts. 4 Type the Group Name. Setting up to 128 UTF-8 characters. • Password-Type a password of all users, and then determine which functions will be needed by all needed for authorization, define them access to all users, and ...: "Jack Smith"). Note: If an activity is helpful to first make a list of between 8 and 128 characters. • Re-enter Password-Type the password entered in the Embedded Web Server 8 Each group will fulfill a role once combined into a security template, and users can be assigned to...
Embedded Web Server Administrator's Guide
Page 9
...-down menu select None, SSL/TLS (Secure Sockets Layer/Transport Layer Security), or TLS. • Userid Attribute-Type either User ID or User ID and Password to specify the information a user must have a unique name. • Administrators can create up to 32 user-defined groups that apply to each unique LDAP...
...-down menu select None, SSL/TLS (Secure Sockets Layer/Transport Layer Security), or TLS. • Userid Attribute-Type either User ID or User ID and Password to specify the information a user must have a unique name. • Administrators can create up to 32 user-defined groups that apply to each unique LDAP...
Embedded Web Server Administrator's Guide
Page 10
... part of a security template. the administrator can pick groups from 5 to 30 seconds. • Required User Input-Select either User ID and Password or User ID to previous values. To delete an existing LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security... • Anonymous LDAP Bind-If selected, the Embedded Web Server will bind with the LDAP server anonymously, and the Distinguished Name and MFP Password fields will be grayed out. • Distinguished Name-Enter the distinguished name of from this specifies that the "person" object class will also...
... part of a security template. the administrator can pick groups from 5 to 30 seconds. • Required User Input-Select either User ID and Password or User ID to previous values. To delete an existing LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security... • Anonymous LDAP Bind-If selected, the Embedded Web Server will bind with the LDAP server anonymously, and the Distinguished Name and MFP Password fields will be grayed out. • Distinguished Name-Enter the distinguished name of from this specifies that the "person" object class will also...
Embedded Web Server Administrator's Guide
Page 12
...Class-Click to select or clear; Device Credentials • MFP Kerberos Username-Enter the distinguished name of the print server(s). • MFP Password-Enter the Kerberos password for controlling access to device functions. 5 Click Submit to save changes, or Cancel to return to previous values. LDAP Group Names ...previous values. • Search Timeout-Enter a value of from 5 to 30 seconds. • Required User Input-Select either User ID and Password or User ID to specify which credentials a user must be deleted if it is being used as 32 named groups stored on the LDAP server...
...Class-Click to select or clear; Device Credentials • MFP Kerberos Username-Enter the distinguished name of the print server(s). • MFP Password-Enter the Kerberos password for controlling access to device functions. 5 Click Submit to save changes, or Cancel to return to previous values. LDAP Group Names ...previous values. • Search Timeout-Enter a value of from 5 to 30 seconds. • Required User Input-Select either User ID and Password or User ID to specify which credentials a user must be deleted if it is being used as 32 named groups stored on the LDAP server...
Embedded Web Server Administrator's Guide
Page 14
... Zone Setup. 3 If Daylight Saving Time (DST) is Microsoft's solution for enabling authentication without requiring the transmission of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on the printer control panel. Notes: • The NTLM building...seconds), the printer clock must be deleted or unregistered if it is being used by selecting Log out on the user's password. An administrator can only be updated manually, or set to a single NT domain. Using security features in clear text. Instead of a ...
... Zone Setup. 3 If Daylight Saving Time (DST) is Microsoft's solution for enabling authentication without requiring the transmission of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on the printer control panel. Notes: • The NTLM building...seconds), the printer clock must be deleted or unregistered if it is being used by selecting Log out on the user's password. An administrator can only be updated manually, or set to a single NT domain. Using security features in clear text. Instead of a ...
Embedded Web Server Administrator's Guide
Page 15
...the credentials appropriate to the Embedded Web Server using the secure version of the Primary Domain Controller) • User ID • Password 6 Click Submit. Note: If you do not connect to your organization's policies before deploying any security method that might compromise ... Server administrators to Settings ª Security ª Edit Security Setups. 2 Under Edit Backup Password, select Backup Password. 3 Select the Use Backup Password box, and then type and re-enter the password. 4 Click Submit. Specifying the default user domain for example, if there is a network ...
...the credentials appropriate to the Embedded Web Server using the secure version of the Primary Domain Controller) • User ID • Password 6 Click Submit. Note: If you do not connect to your organization's policies before deploying any security method that might compromise ... Server administrators to Settings ª Security ª Edit Security Setups. 2 Under Edit Backup Password, select Backup Password. 3 Select the Use Backup Password box, and then type and re-enter the password. 4 Click Submit. Specifying the default user domain for example, if there is a network ...
Embedded Web Server Administrator's Guide
Page 16
...Security ª Edit Security Setups. 2 Under Edit Access Controls, select Access Controls. 3 For each session by a password or PIN. Using a password or PIN to control function access Each Access Control (or Function Access Control), can be logged in order to gain access...function access Step 1: Create a building block 1 From the Embedded Web Server Home screen, browse to specific device functions using a password or PIN. Setting login restrictions Many organizations establish login restrictions for your environment, and configure as workstations and servers. For simple authorization...
...Security ª Edit Security Setups. 2 Under Edit Access Controls, select Access Controls. 3 For each session by a password or PIN. Using a password or PIN to control function access Each Access Control (or Function Access Control), can be logged in order to gain access...function access Step 1: Create a building block 1 From the Embedded Web Server Home screen, browse to specific device functions using a password or PIN. Setting login restrictions Many organizations establish login restrictions for your environment, and configure as workstations and servers. For simple authorization...
Embedded Web Server Administrator's Guide
Page 17
... function you want to protect, select the newly created security template from one or more groups to 128 characters. Note: Certain building blocks-such as Passwords and Pins-do , see "Menu of Access Controls" on the device. 6 To use authorization, click Add authorization, and then select a building block from the list...
... function you want to protect, select the newly created security template from one or more groups to 128 characters. Note: Certain building blocks-such as Passwords and Pins-do , see "Menu of Access Controls" on the device. 6 To use authorization, click Add authorization, and then select a building block from the list...
Embedded Web Server Administrator's Guide
Page 18
...(s) under "Configuring building blocks" on page 7. Scenario: Standalone or small office If your printer is selected. For more information on configuring a password or PIN, see "Setting up individual user accounts 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª ... creating one is located in order to gain access to a function controlled by that template. • You can assign a single password or PIN for authentication, authorization, or both. however, security templates currently in the Embedded Web Server 18 The key to remember is...
...(s) under "Configuring building blocks" on page 7. Scenario: Standalone or small office If your printer is selected. For more information on configuring a password or PIN, see "Setting up individual user accounts 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª ... creating one is located in order to gain access to a function controlled by that template. • You can assign a single password or PIN for authentication, authorization, or both. however, security templates currently in the Embedded Web Server 18 The key to remember is...
Embedded Web Server Administrator's Guide
Page 19
... To use a descriptive name, such as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location of the Kerberos file on the device. 6 To use the LDAP+GSSAPI capabilities of the Embedded Web Server to take advantage of the... Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer Using security features in order to gain access to enter the appropriate credentials in the Embedded Web Server 19 Step ...
... To use a descriptive name, such as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location of the Kerberos file on the device. 6 To use the LDAP+GSSAPI capabilities of the Embedded Web Server to take advantage of the... Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer Using security features in order to gain access to enter the appropriate credentials in the Embedded Web Server 19 Step ...
Embedded Web Server Administrator's Guide
Page 26
.... 2 Under 802.1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will use to log in order to specify whether E-mail will wait for that server. 5 For SMTP Timeout, type the number ... to send E-mail, enter the information appropriate for no authentication, or Use Device SMTP Credentials, Use Session User ID and Password, Use Session E-mail address and Password, or Prompt user if authentication is integral to TLS (Transport Layer Security), PEAP (Protected Extensible Authentication Protocol), and TTLS ...
.... 2 Under 802.1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will use to log in order to specify whether E-mail will wait for that server. 5 For SMTP Timeout, type the number ... to send E-mail, enter the information appropriate for no authentication, or Use Device SMTP Credentials, Use Session User ID and Password, Use Session E-mail address and Password, or Prompt user if authentication is integral to TLS (Transport Layer Security), PEAP (Protected Extensible Authentication Protocol), and TTLS ...
Embedded Web Server Administrator's Guide
Page 27
...ª Security ª SNMP. 2 Under SNMP Version 3, select the Enabled check box. 3 To allow device monitoring only, type an SNMPv3 Read Only User name and Password in the Embedded Web Server 27 SNMP Version 1, 2c 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª SNMP. 2 Under SNMP... is public). 5 To facilitate the automatic installation of the blank IP address entries (shown as device monitoring, type an SNMPPv3 Read/Write User name and Password in the appropriate fields. 4 To allow remote installation and configuration changes as well as 0.0.0.0).
...ª Security ª SNMP. 2 Under SNMP Version 3, select the Enabled check box. 3 To allow device monitoring only, type an SNMPv3 Read Only User name and Password in the Embedded Web Server 27 SNMP Version 1, 2c 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª SNMP. 2 Under SNMP... is public). 5 To facilitate the automatic installation of the blank IP address entries (shown as device monitoring, type an SNMPPv3 Read/Write User name and Password in the appropriate fields. 4 To allow remote installation and configuration changes as well as 0.0.0.0).
Embedded Web Server Administrator's Guide
Page 28
... next to each condition that should generate an alert. 5 Click Submit to save the changes. Warning-Potential Damage: If "No Effect" is chosen and the password (or other applicable credential) is a hardware jumper located on the motherboard. Enabling the security reset jumper The Security Reset Jumper is lost, you will be...
... next to each condition that should generate an alert. 5 Click Submit to save the changes. Warning-Potential Damage: If "No Effect" is chosen and the password (or other applicable credential) is a hardware jumper located on the motherboard. Enabling the security reset jumper The Security Reset Jumper is lost, you will be...
Embedded Web Server Administrator's Guide
Page 39
... referred to do. A method for securely ientifying a user. Authentication and Authorization tools used in the Embedded Web Server. A collection of Security Terms 39 They include: password, PIN, Internal accounts, LDAP, LDAP+GSSAPI, Kerberos 5, and NTLM. what the user is allowed to as Function Access Controls on some devices. A profile created and...
... referred to do. A method for securely ientifying a user. Authentication and Authorization tools used in the Embedded Web Server. A collection of Security Terms 39 They include: password, PIN, Internal accounts, LDAP, LDAP+GSSAPI, Kerberos 5, and NTLM. what the user is allowed to as Function Access Controls on some devices. A profile created and...
Embedded Web Server Administrator's Guide
Page 40
... authenticating using Kerberos 13 using LDAP 9 using LDAP+GSSAPI 11 using NTLM authentication 14 Authentication understanding 5 Authorization understanding 5 B backup password creating 15 using 15 building blocks adding to security templates 16 internal accounts 8 Kerberos 5 13 LDAP 9 LDAP+GSSAPI 11 NTLM authentication...24 groups 6 internal accounts 8 Kerberos authentication 13 LDAP authentication 9 LDAP+GSSAPI authentication 11 login restrictions 16 NTLM authentication 14 password 7 PIN 7 reset jumper on motherboard 28 security audit log 25 security templates 16 SNMP 27 USB devices 23 security ...
... authenticating using Kerberos 13 using LDAP 9 using LDAP+GSSAPI 11 using NTLM authentication 14 Authentication understanding 5 Authorization understanding 5 B backup password creating 15 using 15 building blocks adding to security templates 16 internal accounts 8 Kerberos 5 13 LDAP 9 LDAP+GSSAPI 11 NTLM authentication...24 groups 6 internal accounts 8 Kerberos authentication 13 LDAP authentication 9 LDAP+GSSAPI authentication 11 login restrictions 16 NTLM authentication 14 password 7 PIN 7 reset jumper on motherboard 28 security audit log 25 security templates 16 SNMP 27 USB devices 23 security ...
Quick Reference
Page 3
... media (such as magazine clippings) into the ADF, then adjust the paper guides. 3 Press #, and then enter the FTP shortcut number. 4 Touch Send It. Note: A password may be created to a single fax number or a group of fax numbers. 1 Type the printer IP address into the address field of the name you... a shortcut number. Note: If you are loading a document into the ADF or facedown on the scanner glass. 2 If you do not have an ID and password, get one from your Web browser. If you want to add to the To: field. 7 Touch Send It. Note: Separate each time you do not...
... media (such as magazine clippings) into the ADF, then adjust the paper guides. 3 Press #, and then enter the FTP shortcut number. 4 Touch Send It. Note: A password may be created to a single fax number or a group of fax numbers. 1 Type the printer IP address into the address field of the name you... a shortcut number. Note: If you are loading a document into the ADF or facedown on the scanner glass. 2 If you do not have an ID and password, get one from your Web browser. If you want to add to the To: field. 7 Touch Send It. Note: Separate each time you do not...