Lexmark MB2546 Embedded Web Server--Security Administrator s Guide - Page 20

Configuring manually

Note:

Configuring the date and time manually disables NTP.

a

From the Configure section, in the “Manually Set Date and Time” field, enter the appropriate date and

time.

b

Select the date format, time format, and time zone.

Note:

If you select

(UTC+user) Custom

, then specify the offset values for UTC (GMT) and DST.

Configuring NTP

a

From the Network Time Protocol section, select

Enable NTP

, and then type the IP address or host name

of the NTP server.

b

If the NTP server requires authentication, then in the Enable Authentication menu, select

MD5 key

.

c

Depending on your printer model, either enter the key ID and password, or browse to the file containing

the NTP authentication credentials.

2

Click

Save

.

Using Active Directory

You can use this login method by itself or in conjunction with the LDAP+GSSAPI login method.

Notes:

•

Only one Kerberos configuration file can be saved on the printer memory. This configuration file can

apply to multiple realms and Kerberos Domain Controllers.

•

Administrators must anticipate the different types of authentication requests the Kerberos server might

receive, and configure the configuration file to handle the requests.

•

Uploading another configuration file or updating the Kerberos settings overwrites the saved

configuration file.

•

Kerberos relies on an external server for authentication. If the server is down, then users are not able to

access the printer using LDAP.

•

To help prevent unauthorized access, log out from the printer after each session.

Creating an Active Directory login method

1

From the Embedded Web Server, click

Settings

>

Security

>

Login Methods

.

2

From the Network Accounts section, click

Add Login Method

>

Active Directory

.

3

Configure the settings.

•

Domain

—Type the realm or domain name of the Active Directory server.

•

User Name

—Type the name of the user that can authenticate to the Active Directory.

•

Password

—Type the password of the user.

•

Organizational Unit

—Type the organizational unit attribute the user belongs to.

4

Click

Join Domain

.

Managing login methods

20

Section	Page
Contents	2
Change history	4
Overview	5
Supported printers	5
Supported web browsers	7
Securing network connections	8
Accessing the Embedded Web Server	8
Configuring TCP/IP port access settings	8
Configuring IP Security settings	8
Configuring 802.1x authentication	9
Setting the restricted server list	10
Managing devices remotely	11
Using HTTPS for printer management	11
Setting up SNMP	11
Configuring SNMP versions 1 or 2c settings	11
Configuring SNMP version 3 settings	11
Configuring SNMP traps	12
Configuring security audit log settings	12
Updating firmware	13
Managing login methods	14
Restricting public access to functions, applications, printer management, and security options	14
Using local accounts	14
Creating local accounts	14
Editing and deleting local accounts	14
Creating local account groups	15
Editing or deleting local account groups	15
Using LDAP or LDAP+GSSAPI	16
Creating an LDAP or LDAP+GSSAPI login method	16
Editing or deleting LDAP or LDAP+GSSAPI login methods	18
Using Kerberos	19
Creating a Kerberos login method	19
Setting the date and time	19
Using Active Directory	20
Creating an Active Directory login method	20
Editing or deleting an Active Directory login method	21
Creating LDAP, LDAP+GSSAPI, or Active Directory groups	22
Editing or deleting LDAP, LDAP+GSSAPI, or Active Directory groups	23
Understanding access controls	23
Managing certificates	26
Configuring printer certificate defaults	26
Creating a printer certificate	26
Installing certificates manually	27
Installing certificates automatically	27
Viewing, downloading, and deleting a certificate	27
Managing other access functions	28
Scheduling access to USB devices	28
Setting login restrictions	28
Configuring confidential printing	28
Enabling solutions LDAP settings	29
Showing secured applications or functions on the home screen	29
Enabling print permission	29
Enabling the security reset jumper	30
Securing data	31
Erasing printer memory	31
Erasing printer hard disk memory	31
Configuring printer hard disk encryption	31
Restoring factory default settings	31
Statement of Volatility	32
Troubleshooting	33
User is locked out	33
Update the allowed number of login failures and lockout time	33
Reset or replace the smart card	33
User is logged out automatically	33
Increase the Screen Timeout value	33
User cannot access applications or functions	33
Make sure that the user is assigned to a group that has access to the applications and functions	33
KDC and MFP clocks are out of sync	33
Make sure that the date and time settings on the printer are correct	33
Domain controller certificate is not installed	34
Make sure that the correct certificate is installed on the printer	34
KDC is not responding within the required time	34
Make sure that the IP address or host name of the KDC is correct	34
Make sure that the KDC is available in the configuration file	34
Make sure that the server and firewall settings are configured to allow communication between the pr ...	34
LDAP lookups fail	34
Make sure that the server and firewall settings are configured to allow communication between the pr ...	34
If reverse DNS lookup is not used in your network, then disable it in the Kerberos settings	34
If the LDAP server requires SSL, then enable SSL for LDAP lookups	34
Narrow the LDAP search base to the lowest possible scope that includes all necessary users	34
Make sure that all LDAP attributes that are being searched for are correct	34
Notices	35
Edition notice	35
GOVERNMENT END USERS	35
Trademarks	35
GifEncoder	36
ZXing 1.7	36
Apache License Version 2.0, January 2004	36

Lexmark MB2546 Embedded Web Server--Security Administrator s Guide - Page 20

Using Active Directory, Creating an Active Directory login method

Page 20 highlights