Lexmark MB2546 Embedded Web Server--Security Administrator's Guide - Page 16

Using LDAP or LDAP+GSSAPI, Creating an LDAP or LDAP+GSSAPI login method



Managing login methods

Using LDAP or LDAP+GSSAPI

LDAP is a standards-based, cross-platform, extensible protocol that runs directly on top of the TCP/IP layer. It is used to access information stored in a specially organized information directory. It can interact with many different kinds of databases without special integration, making it more flexible than other authentication methods.

LDAP+GSSAPI is used when you want your transmission to be always secure. Instead of authenticating directly with the LDAP server, the user is first authenticated with a Kerberos server to obtain a Kerberos ticket. This ticket is presented to the LDAP server using the GSSAPI protocol for access. LDAP+GSSAPI is typically used for networks running Active Directory.

Notes:
• LDAP+GSSAPI requires a Kerberos network account. For more information, see “Creating a Kerberos login method” on page 19.
• Supported printers can store a maximum of five unique LDAP or LDAP+GSSAPI login methods. Each method must have a unique name.
• Administrators can create up to 32 user-defined groups that apply to each unique login method.
• LDAP and LDAP+GSSAPI rely on an external server for authentication. If the server is down, then users are not able to access the printer using LDAP or LDAP+GSSAPI.
• To help prevent unauthorized access, log out from the printer after each session.

Creating an LDAP or LDAP+GSSAPI login method

1. From the Embedded Web Server, click Settings > Security > Login Methods.
2. From the Network Accounts section, click Add Login Method > LDAP.
3. Select the authentication type.
   • LDAP
   • LDAP+GSSAPI
4. Configure the settings.

   General Information
   • Setup Name—Type a unique name for the LDAP network account.
   • Server Address—Type the IP address or the host name of the LDAP server.
   • Server Port—Enter the port where LDAP queries are sent.
     Note: If you are using SSL, then use port 636. Otherwise, use port 389.
   • Required User Input—Select the required LDAP authentication credentials used when logging in to the printer. This setting is available only in the LDAP setup.
   • Use Integrated Windows Authentication—Select one of the following:
     - Do not use
     - Use if available—Use Windows® operating system authentication credentials, if available.
     - Require—Use only Windows operating system authentication credentials.
     Note: This setting is available only in the LDAP+GSSAPI setup.
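The limits and per-type constraints on this page can be checked against a planned set of login methods before they are entered in the Embedded Web Server. The following is an added example, not Lexmark code: the `LoginMethod` record, its field names, and the sample hosts and values are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional

MAX_METHODS, MAX_GROUPS = 5, 32      # limits stated in the notes on this page

@dataclass
class LoginMethod:                   # hypothetical planning record, not a printer export format
    setup_name: str
    auth_type: str                   # "LDAP" or "LDAP+GSSAPI"
    server_address: str
    server_port: int
    use_ssl: bool = False
    kerberos_account: bool = False   # a Kerberos login method already exists on the printer
    required_user_input: Optional[str] = None      # LDAP setup only
    integrated_windows_auth: Optional[str] = None  # LDAP+GSSAPI setup only
    groups: list = field(default_factory=list)

def lint(methods):
    """Return (setup_name, finding) pairs for a planned set of login methods."""
    findings, seen = [], set()
    if len(methods) > MAX_METHODS:
        findings.append(("*", f"{len(methods)} methods planned; printer stores at most {MAX_METHODS}"))
    for m in methods:
        def add(msg, name=m.setup_name):
            findings.append((name, msg))
        if m.setup_name in seen:
            add("duplicate Setup Name")
        seen.add(m.setup_name)
        expected = 636 if m.use_ssl else 389      # port note under Server Port
        if m.server_port != expected:
            add(f"Server Port {m.server_port} but SSL={m.use_ssl}; guide says {expected}")
        if m.auth_type == "LDAP+GSSAPI" and not m.kerberos_account:
            add("LDAP+GSSAPI requires a Kerberos network account")
        if m.auth_type == "LDAP+GSSAPI" and m.required_user_input is not None:
            add("Required User Input is available only in the LDAP setup")
        if m.auth_type == "LDAP" and m.integrated_windows_auth is not None:
            add("Use Integrated Windows Authentication is available only in LDAP+GSSAPI")
        if len(m.groups) > MAX_GROUPS:
            add(f"{len(m.groups)} groups; limit is {MAX_GROUPS} per login method")
    return findings

# Constructed sample plan; names, hosts and option text are placeholders.
PLAN = [
    LoginMethod("HQ-LDAPS", "LDAP", "ldap.example.test", 636, use_ssl=True,
                required_user_input="<option chosen in EWS>"),
    LoginMethod("AD-GSSAPI", "LDAP+GSSAPI", "dc1.example.test", 389,
                integrated_windows_auth="Require"),            # no Kerberos account yet
    LoginMethod("HQ-LDAPS", "LDAP", "ldap2.example.test", 389, use_ssl=True),  # reused name, SSL on 389
]
```

Calling `lint(PLAN)` reports the missing Kerberos account on the second entry and the reused name and SSL/port mismatch on the third.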