Using Active Directory
You can use this login method by itself or in conjunction with the LDAP+GSSAPI login method.
Notes:
• Only one Kerberos configuration file can be saved in the printer memory. This configuration file can apply to multiple realms and Kerberos Domain Controllers.
• Administrators must anticipate the different types of authentication requests the Kerberos server might receive, and configure the configuration file to handle the requests.
• Uploading another configuration file or updating the Kerberos settings overwrites the saved configuration file.
• Kerberos relies on an external server for authentication. If the server is down, then users are not able to access the printer using LDAP.
• To help prevent unauthorized access, log out from the printer after each session.
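Because a single saved file has to serve every realm and an upload overwrites it, a check before uploading is useful. The following is an added example, not part of the original guide: it assumes the configuration file uses MIT Kerberos krb5.conf syntax (the page does not state the format), and the realm names, host names, and the parse_krb5 and lint helpers are constructed for illustration.

```python
import re
# Constructed sample in MIT krb5.conf syntax (assumed format; names are made up).
SAMPLE = """\
[libdefaults]
  default_realm = CORP.EXAMPLE.COM
[realms]
  CORP.EXAMPLE.COM = {
    kdc = dc1.corp.example.com
  }
  LAB.EXAMPLE.COM = {
    kdc = dc1.lab.example.com
  }
[domain_realm]
  .corp.example.com = CORP.EXAMPLE.COM
  .lab.example.com = LAB.EXAMPLE.COM
"""

def parse_krb5(text):
    """Return (default_realm, {realm: [kdc, ...]}, {dns_domain: realm}); one relation per line."""
    default_realm, realms, domain_realm = None, {}, {}
    section = current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, current = header.group(1), None
        elif line == "}":
            current = None                      # end of a realm block
        else:
            key, _, value = (part.strip() for part in line.partition("="))
            if section == "libdefaults" and key == "default_realm":
                default_realm = value
            elif section == "realms" and value.startswith("{"):
                current, realms[key] = key, []  # start of a realm block
            elif section == "realms" and current and key == "kdc":
                realms[current].append(value)
            elif section == "domain_realm":
                domain_realm[key] = value
    return default_realm, realms, domain_realm

def lint(text):
    """List problems that would leave some realm's logins without a reachable KDC entry."""
    default_realm, realms, domain_realm = parse_krb5(text)
    problems = [] if default_realm in realms else [f"default_realm {default_realm} has no [realms] entry"]
    problems += [f"realm {r} lists no kdc" for r, kdcs in realms.items() if not kdcs]
    problems += [f"{d} maps to undefined realm {r}" for d, r in domain_realm.items() if r not in realms]
    return problems
```

An empty list from lint(SAMPLE) means every realm that the file references has at least one KDC entry.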
Creating an Active Directory login method
1 From the Embedded Web Server, click Settings > Security > Login Methods.
2 From the Network Accounts section, click Add Login Method > Active Directory.
3 Configure the settings.
• Domain—Type the realm or domain name of the Active Directory server.
• User Name—Type the name of the user that can authenticate to the Active Directory.
• Password—Type the password of the user.
• Organizational Unit—Type the organizational unit attribute the user belongs to.
4 Click Join Domain.
Editing or deleting an Active Directory login method
1 From the Embedded Web Server, click Settings > Security > Login Methods.
2 From the Network Accounts section, click the Active Directory login method.
3 Do either of the following:
• To delete the login method, click Unjoin Domain.
• Configure the following settings, and then click Save and Verify.
General Information
– Setup Name—Type a unique name for the Active Directory login method.
– Server Address—Type the IP address or the host name of the LDAP server.
– Server Port—Enter the port where queries are sent.
– Required User Input—Select the required authentication credentials when logging in to the printer.
– Use Integrated Windows Authentication—Select one of the following:
• Do not use
• Use if available—Use Windows operating system authentication credentials, if available.