• Search Attributes—Select LDAP attributes used as search filters.
• Custom Attributes—Type LDAP custom attributes used as search filters.
5 Click Save and Verify.
Editing or deleting LDAP or LDAP+GSSAPI login methods
1 From the Embedded Web Server, click Settings > Security > Login Methods.
2 From the Network Accounts section, click the LDAP or LDAP+GSSAPI login method.
3 Do either of the following:
• To edit the login method, update the LDAP or LDAP+GSSAPI settings, and then click Save and Verify.
• To delete the login method, click Delete LDAP.
Using Kerberos
You can use this login method by itself or in conjunction with the LDAP+GSSAPI login method.
Notes:
• Only one Kerberos configuration file can be saved in the printer memory. This configuration file can apply to multiple realms and Kerberos Domain Controllers.
• Uploading another configuration file or updating the Kerberos settings overwrites the saved configuration file.
• If you want to delete a Kerberos file, then first delete the LDAP+GSSAPI login method that is using the file.
• Administrators must anticipate the different types of authentication requests the Kerberos server might receive, and configure the configuration file to handle the requests.
• Kerberos relies on an external server for authentication. If the server is down, then users are not able to access the printer using LDAP.
• To help prevent unauthorized access, log out from the printer after each session.
Creating a Kerberos login method
1 From the Embedded Web Server, click Settings > Security > Login Methods.
2 From the Network Accounts section, click Add Login Method > Kerberos.
3 Do one of the following:
Create a simple Kerberos configuration file
From the Generate Simple Kerberos File section, configure the following:
• KDC Address—Type the IP address or host name of the KDC.
• KDC Port—Enter the port number used by the Kerberos server.
• Realm—Type the realm used by the Kerberos server. The realm must be typed in uppercase.
Import a Kerberos configuration file
In the Import Kerberos File field, browse to the krb5.conf file.
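A pre-upload check for the krb5.conf file described above, added here as an example and not taken from the vendor's documentation: it confirms that every realm is typed in uppercase and lists a KDC with a valid port. The function names and the sample realms and hosts are constructed for illustration.

```python
# Constructed sample; realm and host names are placeholders.
SAMPLE = """\
[libdefaults]
    default_realm = EXAMPLE.COM
[realms]
    EXAMPLE.COM = {
        kdc = kdc1.example.com:88
    }
    lab.example.com = {
        kdc = kdc2.example.com:eighty
    }
    EMPTY.EXAMPLE.COM = {
    }
"""

def parse_realms(text):
    """Return {realm: [kdc, ...]} from the [realms] section of krb5.conf text."""
    section, realm, realms = None, None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section, realm = line[1:-1], None
        elif line == "}":
            realm = None
        elif section == "realms" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":
                realm = key
                realms[realm] = []
            elif realm and key == "kdc":
                realms[realm].append(value)
    return realms

def check_krb5(text):
    """List problems to fix before the file is uploaded to the printer."""
    problems = []
    for name, kdcs in parse_realms(text).items():
        if name != name.upper():
            problems.append(f"realm {name!r} is not uppercase")
        if not kdcs:
            problems.append(f"realm {name!r} lists no kdc")
        for kdc in kdcs:
            # A kdc value is host or host:port; 88 is the Kerberos default.
            host, _, port = kdc.rpartition(":") if ":" in kdc else (kdc, "", "88")
            if not host or not port.isdecimal() or not 0 < int(port) < 65536:
                problems.append(f"realm {name!r}: bad kdc {kdc!r}")
    return problems
```

Because uploading a new file overwrites the one saved on the printer, running `check_krb5` on the file text first catches a lowercase realm or a malformed KDC entry before it replaces a working configuration.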