PKI-Enabled MFP Installation and Configuration Guide
Page 7
... IP Address and is connected to the end-user manual. 2. 1 Background Information This document assumes you have read and completed the Pre-Installation Guide for each MFP that will be done by entering the MFP's IP Address in the address bar of the web browser. You can be... made throughout this has been verified for the Lexmark PKI-Enabled MFP. Version 2.0.0 Page 1 Before proceeding with the installation. If not, please consult that guide before continuing with the install, make sure the following has taken place: 1.
... IP Address and is connected to the end-user manual. 2. 1 Background Information This document assumes you have read and completed the Pre-Installation Guide for each MFP that will be done by entering the MFP's IP Address in the address bar of the web browser. You can be... made throughout this has been verified for the Lexmark PKI-Enabled MFP. Version 2.0.0 Page 1 Before proceeding with the installation. If not, please consult that guide before continuing with the install, make sure the following has taken place: 1.
PKI-Enabled MFP Installation and Configuration Guide
Page 15
... This section describes the process for the PKI capability to function correctly have been configured. 3.1 Date and Time In order to login in the Pre-Installation Guide to perform a Kerberos login, the date and time must be acquired from a time server. 1.
... This section describes the process for the PKI capability to function correctly have been configured. 3.1 Date and Time In order to login in the Pre-Installation Guide to perform a Kerberos login, the date and time must be acquired from a time server. 1.
PKI-Enabled MFP Installation and Configuration Guide
Page 22
.... Click Submit once all answers have been provided. The default value of LDAP attributes used to be filled in: Field Corresponding Pre-Installation Guide Section 4.2 Item Server Address Item 1 (Use the hostname rather than the IP address) Server Port Item 2 Use SSL/TLS Item... 3 LDAP Certificate Validation Item 4 Use GSSAPI Not used ; Max Search Results Item 8 4. Version 2.0.0 Page 16 Pre-Installation 3. leave unchecked. Search Base Item 5 Search Timeout Item 7 Displayed Name This is the combination of longest cn or (givenName + sn) is ...
.... Click Submit once all answers have been provided. The default value of LDAP attributes used to be filled in: Field Corresponding Pre-Installation Guide Section 4.2 Item Server Address Item 1 (Use the hostname rather than the IP address) Server Port Item 2 Use SSL/TLS Item... 3 LDAP Certificate Validation Item 4 Use GSSAPI Not used ; Max Search Results Item 8 4. Version 2.0.0 Page 16 Pre-Installation 3. leave unchecked. Search Base Item 5 Search Timeout Item 7 Displayed Name This is the combination of longest cn or (givenName + sn) is ...
PKI-Enabled MFP Installation and Configuration Guide
Page 30
...Responder URL OCSP Proxy URL OCSP Responder Certificate OCSP Responder Timeout Use MFP Kerberos Setup Kerberos Realm Kerbeos KDC Kerberos Domain Corresponding Pre-Installation Guide Section/Item Section 3.2 Section 3.2.2.1.1 Section 3.2.2.1.1 Item 1 The format should be http://:. Section 3.2.2.1.1 Item 4 Section 3.2.2.1.1 Item...If "One Kerberos Realm" is selected, uncheck this box and the following table lists each setting and the corresponding Pre-Installation Section/Item that contains the value needed for that field. the next three settings should be filled in. Separate multiple ...
...Responder URL OCSP Proxy URL OCSP Responder Certificate OCSP Responder Timeout Use MFP Kerberos Setup Kerberos Realm Kerbeos KDC Kerberos Domain Corresponding Pre-Installation Guide Section/Item Section 3.2 Section 3.2.2.1.1 Section 3.2.2.1.1 Item 1 The format should be http://:. Section 3.2.2.1.1 Item 4 Section 3.2.2.1.1 Item...If "One Kerberos Realm" is selected, uncheck this box and the following table lists each setting and the corresponding Pre-Installation Section/Item that contains the value needed for that field. the next three settings should be filled in. Separate multiple ...
PKI-Enabled MFP Installation and Configuration Guide
Page 34
Configuration 2 uses Section 8.2; The LDAP Configuration page is displayed. Configuration 3 uses Section 8.3 Use KDC for LDAP Server Item 1 Server Address Item 2 Server Port Item 3 Use SSL/TLS Item 4 LDAP Certificate Validation Item 5 Card Lookup Field Item 6 Search Attribute Item 7 Version 2.0.0 Page 28 Setting Corresponding Pre-Installation Guide Section/Item Configuration Configuration 1 uses Section 8.1; 2. Referring to section 7 of the Pre-Installation Guide, use the following table to configure the settings. 3.
Configuration 2 uses Section 8.2; The LDAP Configuration page is displayed. Configuration 3 uses Section 8.3 Use KDC for LDAP Server Item 1 Server Address Item 2 Server Port Item 3 Use SSL/TLS Item 4 LDAP Certificate Validation Item 5 Card Lookup Field Item 6 Search Attribute Item 7 Version 2.0.0 Page 28 Setting Corresponding Pre-Installation Guide Section/Item Configuration Configuration 1 uses Section 8.1; 2. Referring to section 7 of the Pre-Installation Guide, use the following table to configure the settings. 3.
PKI-Enabled MFP Installation and Configuration Guide
Page 39
3. The following table lists each setting and the corresponding Pre-Installation Section/Item that contains the value needed for that field. Setting Copy Authorization Copy Authorization List Fax Authorization Fax Authorization List FTP Authorization FTP Authorization List Corresponding Pre-Installation Guide Section/Item Section 4.1 Item 1 Section 4.1 Item 2 Section 4.2 Item 1 Section 4.2 Item 2 Section 4.3 Item 1 Section 4.3 Item 2 Version 2.0.0 Page 33 Click the Configure Tab. 4.
3. The following table lists each setting and the corresponding Pre-Installation Section/Item that contains the value needed for that field. Setting Copy Authorization Copy Authorization List Fax Authorization Fax Authorization List FTP Authorization FTP Authorization List Corresponding Pre-Installation Guide Section/Item Section 4.1 Item 1 Section 4.1 Item 2 Section 4.2 Item 1 Section 4.2 Item 2 Section 4.3 Item 1 Section 4.3 Item 2 Version 2.0.0 Page 33 Click the Configure Tab. 4.
PKI-Enabled MFP Installation and Configuration Guide
Page 42
... Options User Can Send Multiple Emails From Address LDAP-From Email Address To Address Limit Destinations Send Email To User Address Book Lookup Corresponding Pre-Installation Guide Section/Item Section 5.1 Item 1 Section 5.1 Item 2 Section 5.2 Item 2 Section 5.2 Item 2 Only used if Authentication set to Device Section 5.2 Item 2 Only used... 1 Section 5.5 Item 2 Section 5.5 Item 3 Section 5.5 Item 4 Version 2.0.0 Page 36 Click the Configure Tab. 4. 3. The following table lists each setting and the corresponding Pre-Installation Section/Item that contains the value needed for that field.
... Options User Can Send Multiple Emails From Address LDAP-From Email Address To Address Limit Destinations Send Email To User Address Book Lookup Corresponding Pre-Installation Guide Section/Item Section 5.1 Item 1 Section 5.1 Item 2 Section 5.2 Item 2 Section 5.2 Item 2 Only used if Authentication set to Device Section 5.2 Item 2 Only used... 1 Section 5.5 Item 2 Section 5.5 Item 3 Section 5.5 Item 4 Version 2.0.0 Page 36 Click the Configure Tab. 4. 3. The following table lists each setting and the corresponding Pre-Installation Section/Item that contains the value needed for that field.
PKI-Enabled MFP Installation and Configuration Guide
Page 46
Section 6.1 Item 2 Section 6.1 Item 3 Version 2.0.0 Page 40 To use a different icon, contact Lexmark to get a "blank" button to be used as the base. Setting Button Text Up Icon Down Icon Scan To Network Authorization Authorization List Corresponding Pre-Installation Guide Section/Item Section 6.1 Item 1 To use a different icon, contact Lexmark to get a "blank" button to be used as the base. The following table lists each setting and the corresponding Pre-Installation Section/Item that contains the value needed for that field.
Section 6.1 Item 2 Section 6.1 Item 3 Version 2.0.0 Page 40 To use a different icon, contact Lexmark to get a "blank" button to be used as the base. Setting Button Text Up Icon Down Icon Scan To Network Authorization Authorization List Corresponding Pre-Installation Guide Section/Item Section 6.1 Item 1 To use a different icon, contact Lexmark to get a "blank" button to be used as the base. The following table lists each setting and the corresponding Pre-Installation Section/Item that contains the value needed for that field.
PKI-Enabled MFP Installation and Configuration Guide
Page 49
Setting Corresponding Pre-Installation Guide Section/Item File Share Authorization Section 6.2 Item 1 Authorization list Section 6.2 Item 2 Display Name Section 6.2 Item 3 UNC Path Section 6.2 Item 4 Replacement Value If the UNC Path ...
Setting Corresponding Pre-Installation Guide Section/Item File Share Authorization Section 6.2 Item 1 Authorization list Section 6.2 Item 2 Display Name Section 6.2 Item 3 UNC Path Section 6.2 Item 4 Replacement Value If the UNC Path ...
PKI-Enabled MFP Installation and Configuration Guide
Page 53
...beyond an acceptable range; Kerberos configuration file has not been uploaded. The Domain Controller Issuing Certificate has not been installed. minutes of certificate") has not been installed. Be sure the time zone and daylight savings time settings are provided in the PKI/AD Authentication are correct.... settings, uncheck the "Use MFP Kerberos Setup" checkbox and click apply. Cause: No certificate has been installed on the MFP; Resolution: See the PKI Pre-Installation Guide for authentication to the Kerberos file and click submit. The port must be specified in the PKI/AD...
...beyond an acceptable range; Kerberos configuration file has not been uploaded. The Domain Controller Issuing Certificate has not been installed. minutes of certificate") has not been installed. Be sure the time zone and daylight savings time settings are provided in the PKI/AD Authentication are correct.... settings, uncheck the "Use MFP Kerberos Setup" checkbox and click apply. Cause: No certificate has been installed on the MFP; Resolution: See the PKI Pre-Installation Guide for authentication to the Kerberos file and click submit. The port must be specified in the PKI/AD...
PKI-Enabled Pre-Installation Guide
Page 2
... may be made to you. References in which it believes appropriate without incurring any time. ImageQuick, Optra, Lexmark, and Lexmark with local law: LEXMARK INTERNATIONAL, INC., PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, ...rights reserved. Evaluation and verification of their respective owners. © Copyright 2007-2008 Lexmark International, Inc. PKI Pre-Installation Guide Edition: April 2008 The following paragraph does not apply to Lexmark International, Inc., Department F95/032-2, 740 West New Circle Road, Lexington, Kentucky 40550...
... may be made to you. References in which it believes appropriate without incurring any time. ImageQuick, Optra, Lexmark, and Lexmark with local law: LEXMARK INTERNATIONAL, INC., PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, ...rights reserved. Evaluation and verification of their respective owners. © Copyright 2007-2008 Lexmark International, Inc. PKI Pre-Installation Guide Edition: April 2008 The following paragraph does not apply to Lexmark International, Inc., Department F95/032-2, 740 West New Circle Road, Lexington, Kentucky 40550...
PKI-Enabled Pre-Installation Guide
Page 3
PKI Pre-Installation Guide Table of Contents 1 Background Information...1 1.1 Document Overview ...1 1.2 PKI/AD Solution...1 1.3 SmartCard Contents ...2 1.4 Network Port Access...3 1.5 Key Contacts...3 2 Basic Network Configuration 4 2.1 IP Address...4 2.2 DNS and WINS ...
PKI Pre-Installation Guide Table of Contents 1 Background Information...1 1.1 Document Overview ...1 1.2 PKI/AD Solution...1 1.3 SmartCard Contents ...2 1.4 Network Port Access...3 1.5 Key Contacts...3 2 Basic Network Configuration 4 2.1 IP Address...4 2.2 DNS and WINS ...
PKI-Enabled Pre-Installation Guide
Page 4
PKI Pre-Installation Guide 5.6.1 Email Signing...23 5.6.2 Email Encryption 24 5.6.3 Results...24 6 PKI/AD Scan to Network Configuration 26 6.1 General Settings ...26 6.2 Fileshare Settings ...26 6.3 Fileshare Examples ...28 7 Finding Configuration Information 30 7.1 Kerberos Realm ...30 7.2 Domain Controller ...30 7.3 Kerberos Configuration File 31 7.4 LDAP Directory Information 33 7.5 Domain Controller Certificates 33 8 Custom LDAP Configurations 34 8.1 LDAP Configuration 1 35 8.2 LDAP Configuration 2 36 8.3 LDAP Configuration 3 37 Version 2.0.0 Page iii
PKI Pre-Installation Guide 5.6.1 Email Signing...23 5.6.2 Email Encryption 24 5.6.3 Results...24 6 PKI/AD Scan to Network Configuration 26 6.1 General Settings ...26 6.2 Fileshare Settings ...26 6.3 Fileshare Examples ...28 7 Finding Configuration Information 30 7.1 Kerberos Realm ...30 7.2 Domain Controller ...30 7.3 Kerberos Configuration File 31 7.4 LDAP Directory Information 33 7.5 Domain Controller Certificates 33 8 Custom LDAP Configurations 34 8.1 LDAP Configuration 1 35 8.2 LDAP Configuration 2 36 8.3 LDAP Configuration 3 37 Version 2.0.0 Page iii
PKI-Enabled Pre-Installation Guide
Page 5
... fileshare names can be automatically deleted if not released within a certain amount of the Lexmark Document Solutions Server software. User authorization can be built dynamically using this pre-installation guide will be needed to a special print queue; PKI Pre-Installation Guide 1 Background Information 1.1 Document Overview This document should be used to limit access to this...
... fileshare names can be automatically deleted if not released within a certain amount of the Lexmark Document Solutions Server software. User authorization can be built dynamically using this pre-installation guide will be needed to a special print queue; PKI Pre-Installation Guide 1 Background Information 1.1 Document Overview This document should be used to limit access to this...
PKI-Enabled Pre-Installation Guide
Page 6
...=PKI, OU=DoD, O=U.S. Government, C=US This subject name will typically be something like: 12345678@mil The mil is the DoD's common domain name. PKI Pre-Installation Guide 1.3 SmartCard Contents The SmartCard contains at least two certificates: • Identity • Email The identity certificate is not used by this application. The Email certificate...
...=PKI, OU=DoD, O=U.S. Government, C=US This subject name will typically be something like: 12345678@mil The mil is the DoD's common domain name. PKI Pre-Installation Guide 1.3 SmartCard Contents The SmartCard contains at least two certificates: • Identity • Email The identity certificate is not used by this application. The Email certificate...
PKI-Enabled Pre-Installation Guide
Page 7
... default ports needed based on the features that can be contacted for assistance in filling this document out and/or assisting during the initial install. PKI Pre-Installation Guide 1.4 Network Port Access The MFP will need to identify the appropriate people that are used. Administrator Active Directory Network Tumbleweed/OCSP Email Information Assurance...
... default ports needed based on the features that can be contacted for assistance in filling this document out and/or assisting during the initial install. PKI Pre-Installation Guide 1.4 Network Port Access The MFP will need to identify the appropriate people that are used. Administrator Active Directory Network Tumbleweed/OCSP Email Information Assurance...
PKI-Enabled Pre-Installation Guide
Page 8
... be assigned. 2. Which method should be used as needed : 1. The IP Address for the device to function correctly on the network. PKI Pre-Installation Guide 2 Basic Network Configuration This section is needed . 2.1 IP Address The device can be configured to acquire an IP Address via DHCP or a static... (optional Version 2.0.0 Page 4 The Netmask: If the device has not or will not be connected to the network prior to the PKI installation, please make sure the appropriate people are available to assist in getting the device active on the network. 2.2 DNS and WINS Servers In order...
... be assigned. 2. Which method should be used as needed : 1. The IP Address for the device to function correctly on the network. PKI Pre-Installation Guide 2 Basic Network Configuration This section is needed . 2.1 IP Address The device can be configured to acquire an IP Address via DHCP or a static... (optional Version 2.0.0 Page 4 The Netmask: If the device has not or will not be connected to the network prior to the PKI installation, please make sure the appropriate people are available to assist in getting the device active on the network. 2.2 DNS and WINS Servers In order...
PKI-Enabled Pre-Installation Guide
Page 9
... within five minutes of the file servers hosting the directories will be searched. The time can get the time from a network time server. PKI Pre-Installation Guide 2.3 Time Server In order for the device to Home Directory Will Not Be Enabled □ Same as Printer Domain Name □ Same as Domain Controller...
... within five minutes of the file servers hosting the directories will be searched. The time can get the time from a network time server. PKI Pre-Installation Guide 2.3 Time Server In order for the device to Home Directory Will Not Be Enabled □ Same as Printer Domain Name □ Same as Domain Controller...
PKI-Enabled Pre-Installation Guide
Page 10
... the device. □ SSL is not required □ SSL is invalid, the LDAP connection will occur. The certificate will be specified at install time. A certificate will not be terminated. PKI Pre-Installation Guide 2.5 Default LDAP Configuration Many of the PKI Applications utilize LDAP to perform queries that are : Never Allow Try Demand Never -
... the device. □ SSL is not required □ SSL is invalid, the LDAP connection will occur. The certificate will be specified at install time. A certificate will not be terminated. PKI Pre-Installation Guide 2.5 Default LDAP Configuration Many of the PKI Applications utilize LDAP to perform queries that are : Never Allow Try Demand Never -
PKI-Enabled Pre-Installation Guide
Page 11
.... Search Base 6. Valid values are 5 to start the search. Maximum Search Results. Access rights needed to 300 seconds. PKI Pre-Installation Guide 5. The maximum number of 30 seconds is typically something like "dc=branch,dc=mil". Maximum Search Results 8. The timeout in seconds... of the LDAP directory in Pin Only mode) □ Service Account Distinguished Name Password: _________ To be displayed to be provided at installation _________ Version 2.0.0 Page 7 Valid values are 5 to access the LDAP directory. Base name for search. Search Timeout. This defines the...
.... Search Base 6. Valid values are 5 to start the search. Maximum Search Results. Access rights needed to 300 seconds. PKI Pre-Installation Guide 5. The maximum number of 30 seconds is typically something like "dc=branch,dc=mil". Maximum Search Results 8. The timeout in seconds... of the LDAP directory in Pin Only mode) □ Service Account Distinguished Name Password: _________ To be displayed to be provided at installation _________ Version 2.0.0 Page 7 Valid values are 5 to access the LDAP directory. Base name for search. Search Timeout. This defines the...