Lexmark 30G0400 Common Criteria Installation Supplement and Administrator Guid
Lexmark 30G0400 - T 656dne B/W Laser Printer Manual
UPC - 734646268899
View all Lexmark 30G0400 manuals
Add to My Manuals
Save this manual to your list of manuals |
Lexmark 30G0400 manual content summary:
- Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 1
Common Criteria Installation supplement and administrator guide April 2010 www.lexmark.com Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries. All other trademarks are the property of their respective - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 2
programs described may be made at any time. For Lexmark technical support, visit support.lexmark.com. For information on supplies and downloads, visit www.lexmark.com. If you don't have access to the Internet, you can contact Lexmark by mail: Lexmark International, Inc. Bldg 004-2/CSC 740 New Circle - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 3
Contents Overview and first steps 5 Overview...5 Using this guide...5 Supported devices...5 Operating environment...5 Before configuring the device (required)...6 Verifying physical interfaces and installed firmware...6 Attaching a lock...6 Encrypting the hard disk...7 Disabling the USB Buffer...8 - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 4
to device functions...35 Configuring PKI Held Jobs...35 Controlling access to device functions using the EWS...36 Troubleshooting 39 Login Issues...39 "Unsupported USB Device" error message...39 The printer home screen does not return to a locked state when not in use 39 Login screen does not - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 5
3). It is critical that you carefully follow the instructions in this guide, as failure to do so may result in a device that does not meet the requirements of the evaluation. Using this guide This guide is intended for use by Lexmark service providers, and network administrators responsible for the - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 6
that no Download Emulator (DLE) option cards have been installed. 5 If you find additional interfaces, or if a DLE card has been installed, contact your Lexmark representative before proceeding. 6 To verify the firmware version, under Device Information, locate Base =, and Network =. 7 Contact your - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 7
The following illustrations show the most common lock port locations: Encrypting the hard disk Note: Not all devices have a hard disk installed. This section applies only to devices containing a hard disk. If your MFP came with a hard disk installed, you must encrypt the hard disk. Hard disk - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 8
7 A message will be displayed asking you to confirm the action: Contents will be lost. Continue? • Select Yes to proceed with disk wiping and encryption. A status bar will indicate the progress of the encryption task. After the disk has been encrypted, the MFP will return to the Enable/Disable - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 9
Installing the minimum configuration You can achieve an evaluated configuration on a non-networked (standalone) device in just a few steps. For this configuration, all tasks are performed at the device, using the touch screen. Configuring the device Configuration checklist This checklist outlines - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 10
groups when configuring security templates, and then apply a security template to each device function, to control access to that function. The MFP supports a maximum of 250 user accounts and 32 user groups. Step 1: Defining groups 1 From the home screen, touch Menus > Security > Edit Security - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 11
Group name Administrator_Security Authenticated_Users Type of user group would be selected for • Administrators permitted to access all device functions • Administrators permitted to use device functions, and access the Security menu • Administrators permitted to access all device functions • - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 12
Creating security templates A security template is assigned to each device function, to control which users are permitted to access that function. At a minimum, you must create two security templates: one for "Administrator_Only" and one for "Authenticated_Users". If there is a need to grant access - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 13
Access Control Address Book Cancel Jobs at the Device Change Language from Home Screen Color Dropout Configuration Menu Copy Color Printing Copy Function Create Bookmarks at the Device Create Bookmarks Remotely Create Profiles E-mail Function eSF Configuration Fax Function Firmware Updates Flash - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 14
Management Remote Management Reports Menu at the Device Reports Menu Remotely Security Menu at the Device Security Menu Remotely Service Engineer Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1 Solutions 2-10 Supplies Menu at the - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 15
Administering the device This chapter describes how to configure additional settings and functions that may be available on your device. Using the Embedded Web Server Access to the Embedded Web Server is disabled as part of the evaluated configuration on network-attached devices. Once a device is in - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 16
settings required for a network-attached device. Creating and modifying digital certificates Certificates are needed for domain controller verification, and for SSL support in LDAP. Each certificate must be in a separate PEM (.cer) file. Setting certificate defaults The values entered here will be - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 17
• City Name-Type the name of the city where the company or organization issuing the certificate is located. • Subject Alternate Name-Type the alternate name and prefix that conforms to RFC 2459. For example, enter an IP address using the format IP:255.255.255.255. Leave this field blank to use the - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 18
The contents of the file should be in the following format: -----BEGIN CERTIFICATE----MIIE1jCCA76gAwIBAgIQY6sV0KL3tIhBtlr4gHG85zANBgkqhkiG9w0BAQUFADBs ... l3DTbPe0mnIbTq0iWqKEaVne1vvaDt52iSpEQyevwgUcHD16rFy+sOnCaQ== -----END CERTIFICATE----- • Download Signing Request-Download or save the signing - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 19
Disabling non-IP network protocols IP is the only network protocol permitted under this evaluation. The NetWare, AppleTalk, and LexLink protocols must be disabled. Using the EWS Note: For information about accessing the EWS, see "Using the Embedded Web Server" on page 15. Be sure to disable HTTP and - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 20
(NPAP) • TCP 9600 (IPDS) • UDP 9700 (Plug-n-Print) • TCP 10000 (Telnet) • Web Services 3 Click Submit. Other settings and functions Network Time Protocol Use Network Time Protocol (NTP), to automatically sync MFP automatically provided by the DHCP server before manually configuring NTP settings. 20 - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 21
Using the EWS 1 From the EWS, click Settings > Security > Set Date and Time. Note: For information about accessing the EWS, see "Using the Embedded Web Server" on page 15. Be sure to disable HTTP and HTTPS access after you have finished using the EWS. 2 Select the Enable NTP check box, and then type - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 22
Importing a Kerberos configuration file Using the EWS, you can also import a krb5.conf file rather than configure the Simple Kerberos Setup. 1 From the EWS, click Settings > Security > Security Setup. Note: For information about accessing the EWS, see "Using the Embedded Web Server" on page 15. Be - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 23
6 For Severity of events to log, select 5 - Notice. The chosen severity level and anything higher (0-4) will be logged. 7 To send all events regardless of severity to the remote server, select Remote Syslog non-logged events. 8 To have administrators automatically notified of certain log events, - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 24
12 If you want the MFP to automatically notify administrators of certain log events, adjust the following settings as needed: • To send an E-mail when the Delete Log button is clicked, set "E-mail log cleared alert" to On. • To send an E-mail when the log becomes full and begins to overwrite the - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 25
5 For SMTP Timeout, type the number of seconds (5-30) the device will wait for a response from the SMTP server before timing out. 6 If you want to receive responses to messages sent from the MFP (in case of failed or bounced messages), type a Reply Address. 7 From the Use SSL list, select Disabled, - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 26
Submit. Fax If your MFP includes fax capabilities and is attached to a phone line, you must disable fax forwarding, enable held faxes, and disable driver to fax. Using the EWS 1 From the EWS, click Settings > Fax Settings > Analog Fax Setup. Note: For information about accessing the EWS, see "Using - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 27
the password (or other applicable credential) is lost, you will not be able to access the security menus. To regain access to the security menus, a service call will be required to replace the device RIP card (motherboard). User access Administrators and users are required to login to the MFP using - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 28
these groups when configuring security templates, and then apply a security template to each device function, to control access to that function. The MFP supports a maximum of 250 user accounts and 32 user groups. Example: Employees in the warehouse will be given access to black and white printing - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 29
credentials and group designations can be pulled from your existing system, making access to the MFP as seamless as other network services. Supported devices can store a maximum of five LDAP + GSSAPI configurations. Each configuration must have a unique name. Note: You must configure Kerberos before - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 30
General Information • Setup Name-Used to identify each particular LDAP+GSSAPI Server Setup when creating security templates. • Server Address-The IP address or the hostname of the LDAP server where authentication will be performed. Note: For LDAP+GSSAPI, the LDAP server can be the domain controller, - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 31
5 From the General Information screen, select General Information, and then adjust the following settings as needed: • Setup Name-Used to identify each particular LDAP+GSSAPI Server Setup when creating security templates. • Server Address-The IP address or the hostname of the LDAP server where - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 32
provides the login screen and authentication mechanism, and supports user authorization to the MFP and its functions. Only, or Alphanumeric. 6 If desired, provide custom Logon Screen Text, with special instruction for users, or a custom Logon Screen Image. Custom screen images must be in - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 33
next one in the list. 12 If users are allowed to login manually, provide at least one Manual Login Domain (a Windows Domain Name) to choose from when logging in , select Disable Reverse DNS Lookups if reverse lookups are not supported on your network. 17 To use only the information provided by - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 34
Creating security templates using the EWS A security template is assigned to each device function, to control which users are permitted to access that function. At a minimum, you must create two security templates: one for "Administrator_Only" and one for "Authenticated_Users". If there is a need to - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 35
the Held Jobs icon. • Select Show Copies Screen if you want to enable users to change the number of copies for each job from the printer. • Select Allow Users to Print All if you want to enable users to select a Print All button, rather than select each print job individually. • Display - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 36
8 Under Advanced Settings, select Require All Jobs to be Held and Clear Print Data. 9 Click Apply. Controlling access to device functions using the EWS Access to MFP functions can be restricted by applying security templates to individual functions. A list of Access Controls and what they do can be - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 37
Management Remote Management Reports Menu at the Device Reports Menu Remotely Security Menu at the Device Security Menu Remotely Service Engineer Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1 Solutions 2-10 Supplies Menu at the - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 38
Access Control Supplies Menu Remotely Use Profiles Web Import/Export Settings Level of protection Not applicable - all remote access disabled Authenticated users Not applicable - all remote access disabled 38 - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 39
Troubleshooting Login Issues "Unsupported USB Device" error message A NON-SUPPORTED SMARTCARD READER IS ATTACHED Only the OmniKey reader shipped with the printer is supported. Remove the unsupported reader and attach the OmniKey reader. The printer solutions, contact the Lexmark Solutions Help Desk - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 40
. Note: If your network uses DHCP, verify that NTP settings are not automatically provided by the DHCP server before manually configuring NTP settings. 3 If you have configured the printer to use an NTP server, verify that those settings are correct, and that the NTP server is functioning correctly - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 41
BY A FIREWALL Port 88 must be opened between the printer and the KDC in order for authentication to work. " file" error message This error occurs during manual login, and indicates the Windows Domain is PKI Authentication solution settings do not support multiple Kerberos Realm entries. If multiple - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 42
636 (SSL) IS BLOCKED BY A FIREWALL These ports are used by the printer to communicate with the LDAP server, and must be open in order for LDAP lookups to work. REVERSE DNS LOOKUPS ARE DISABLED ON THE NETWORK The printer uses reverse DNS lookups to verify IP addresses. If reverse lookup is disabled - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 43
3 Click Apply. THE LDAP SEARCH BASE IS TOO BROAD IN SCOPE Narrow the LDAP search base to the lowest possible scope that will include all necessary users. LDAP lookups fail almost immediately This normally occurs during address book searches, user E-mail address searches, or user home directory - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 44
principal name, or the credential provided by manual login is used to set the userid ( the SmartCard principal name, or the credential provided by manual login is used to set the userid (userid). sent the job (or jobs) to a different printer, or the jobs were automatically deleted because they were - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 45
Appendix A: Using the touch screen The home screen The screen located on the front of the MFP is touch-sensitive, and can be used to access device functions, and navigate settings and configuration menus. The "home screen" looks similar to this (yours may contain additional icons): Touch the Menus - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 46
To type a single upper case or Shift character, touch the up-arrow A, and then touch the letter or number you need to capitalize or shift-select. To turn on caps-lock, touch the up-arrow A with the lock symbol, and then continue typing. Uppercase/Shift will remain engaged until you touch the lock - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 47
guide CA CAC DC DHCP DNS DoD EAL EWS GIF GSSAPI HTTP HTTPS IP IPSec IPv4 IPv6 KDC LDAP MFP NTLM NTP OCSP PEM PKI PSK RFC SMTP SSL TCP TLS UDP USB Certificate Authority Common Access Card Domain Controller Dynamic Host Configuration Protocol Domain Name Service Protocol Multifunction printer NT LAN - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 48
their copy jobs output in black and white Controls the ability to use the Copy function Controls the ability to create new bookmarks from the printer control panel Controls the ability to create new bookmarks from the Bookmark Setup section of the Settings menu in the Embedded Web Server Controls - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 49
panel Protects access to the Security menu from the Embedded Web Server Protects access to the Sevice Engineer menu from the printer control panel Protects access to the Service Engineer menu from the Embedded Web Server Protects access to the General and Print Settings sections of the Settings menu - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 50
at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 51
Appendix D: Using Common Access Cards Using a Common Access Card to access the MFP 1 Insert your Common Access Card into the card reader attached to the MFP: Note: The appearance of your MFP, including the location of the card reader, may vary. 2 When prompted, use the number pad located on the - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 52
It may take a moment for the MFP to validate your credentials: 3 After your logon credentials have been validated, the MFP will return to the home screen: Note: The MFP home screen may contain different icons than the one shown here. For more information about using the touch screen, see "Appendix - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 53
suppliers, governs your use of any Software Program installed on or provided by Lexmark for use in connection with your Lexmark product. The term "Software Program" includes machine-readable instructions, audio/visual content (such as images and recordings), and associated media, printed materials - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 54
OF THE NATURE OF THE CLAIM, INCLUDING BUT NOT LIMITED TO BREACH OF WARRANTY OR CONTRACT, TORT (INCLUDING NEGLIGENCE OR STRICT LIABILITY), AND EVEN IF LEXMARK, OR ITS SUPPLIERS, AFFILIATES, OR REMARKETERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, OR FOR ANY CLAIM BY YOU BASED ON A THIRD - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 55
with the terms of this License Agreement, any other written agreement signed by you and Lexmark relating to your Use of the Software Program). To the extent any Lexmark policies or programs for support services conflict with the terms of this License Agreement, the terms of this License Agreement - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 56
15 using 15 encrypting network data 18 encrypting the hard disk 7 encryption IPSec 18 environment operating 5 EWS using 15 F fax forwarding 26 fax settings Driver to fax 26 fax forwarding 26 held faxes 26 fax storage 26 firmware verifying 6 function access using the EWS to restrict 36 using the - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 57
SMTP settings configuring 24 supported devices 5 syslog configuring 22 T touch screen using the 45 troubleshooting authentication failure 40 authorization Jobs 43 not authorized to use Print Release Lite 43 printer clock out of sync 40 problem getting user info 42 realm on card not found guide 5 57 - Lexmark 30G0400 | Common Criteria Installation Supplement and Administrator Guid - Page 58
www.lexmark.com
Common Criteria
Installation supplement and administrator
guide
April 2010
www.lexmark.com
Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries.
All other trademarks are the property of their respective owners.
© 2010 Lexmark International, Inc.
All rights reserved.
740 West New Circle Road
Lexington, Kentucky 40550
3060008-002