Lexmark W850 PKI-Enabled Device Installation and Configuration Guide
Lexmark W850 Manual
View all Lexmark W850 manuals
Add to My Manuals
Save this manual to your list of manuals |
Lexmark W850 manual content summary:
- Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 1
PKI-Enabled Device Installation and Configuration Guide February 2010 www.lexmark.com Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries. All other trademarks are the property of their respective owners. © - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 2
programs described may be made at any time. For Lexmark technical support, visit support.lexmark.com. For information on supplies and downloads, visit www.lexmark.com. If you don't have access to the Internet, you can contact Lexmark by mail: Lexmark International, Inc. Bldg 004-2/CSC 740 New Circle - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 3
...10 E-mail settings...11 Address Book setup ...11 Configuring PKI Authentication...12 Logon screen...12 Active Directory Configuration...13 User Session and Access Control...14 Advanced Settings ...14 Configuring PKI S/MIME Email...15 PKI S/MIME settings ...15 Configuring PKI Scan to Network - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 4
Notices 33 Index 37 Contents 4 - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 5
Lexmark X65x • Lexmark X73x • Lexmark X86x Before configuring the printer After initial setup tasks have been completed according to the User's Guide, connect the printer to your network. For information on how to connect your printer to a network, see the Networking Guide that came with the printer - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 6
Setup Page. The network setup page prints, and the printer returns to the home screen. Installing the firmware and applications Verifying and updating the firmware Enabling PKI support for your printer involves three main components: • The printer firmware • The authentication token • The Lexmark - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 7
to sign and encrypt E-mail messages sent from the printer, securely scan documents and images to a network file share, and hold documents at the printer until released by an authorized user. The authentication application is required, but all other applications are optional and can be installed as - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 8
Server, click Settings > Network/Ports > TCP/IP. 2 Under TCP/IP: • Verify the Domain Name. Normally, the domain will be the same one assigned to user workstations. • If using a static IP address, verify the WINS Server Address, and the DNS Server Address. • If the printer is located in a different - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 9
Date and time In order for users to login to the printer, the printer clock must be set to within five minutes of the domain controller system clock. Printer clock settings can be updated manually, or configured to use Network Time Protocol (NTP), to automatically sync with a trusted clock-typically - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 10
/FTP Settings > SMTP Setup. 2 Under SMTP Setup, type the IP address or hostname of the Primary SMTP Gateway the printer will use for sending E-mail. Note: If Kerberos will be used to authenticate users to the SMTP server, you must use the hostname. 3 Type the Primary SMTP Gateway Port number of the - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 11
settings as needed. 4 Click Submit. Address Book setup Configuring the printer Address Book enables users to search your network Global Address Book for E-mail addresses. 1 From the Embedded Web Server, click Settings > Network/Ports > Address Book Setup. 2 For Server Address, type the hostname (not - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 12
Type, select whether users can access the printer using Card Only (SmartCard), Card or Manual Login, or Manual Login Only (userid/password). 3 Select whether Card Pin must be Numeric Only, or can be Alphanumeric. 4 If desired, provide custom Logon Screen Text, with special instruction for users, or - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 13
as "mil,.mil". • Timeout-The amount of time the printer should wait for a response from the domain controller before moving to the next one in the list. 5 If users are allowed to login manually, provide at least one Manual Login Domain (a Windows Domain Name) to choose from when logging in. Multiple - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 14
authorize users. Solution-specific access control 1 is the default and recommended setting. 8 Continue to Advanced Settings, or click Apply at the bottom of the screen to save changes. Advanced Settings Not all networks will require the advanced settings. Adjust them as needed to allow the printer - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 15
how the printer should retrieve the user's address when sending E-mail. Note: If manual login is allowed, you must select LDAP Lookup. 3 Under S/MIME Options, adjust the following settings: • Sign Email- Select Disabled, Prompt User, or Always Sign to determine whether outgoing E-mail messages will - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 16
options will be available to users from the printer touch screen: • User Can Only Send to Self (no other recipients can be added) • User Can Change Options (scan settings) • User Can Change Subject • User Can Change Message • User that displays when the Scan to Network icon is pressed), click Browse - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 17
way to the edge of the paper. Note: Leaving a small space around the edges that is not scanned usually results in better image quality. • Select Scan Preview to allow users preview and verify the first page of a document before the rest is scanned. 3 Click Apply at the bottom of the screen to save - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 18
share: - Display Name-Network Share - UNC Path-\\fileserver\CACNetworkShare - Replacement Value-User Principal Name - LDAP - Replacement Attribute-Leave blank Using a dynamic file share with the Windows User ID: - Display Name-User Share - UNC Path-\\dfs\shares\%u - Replacement Value-LDAP Lookup - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 19
"Default Scan Settings" on page 17. 5 Click Apply. Network > Configure. 2 Under File Shares, highlight the name of the share you want to modify, and then click Edit. The configuration page the Held Jobs icon on the printer home screen. 3 To select an used to authorize user groups. If groups are - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 20
want to allow users to change the number of copies for each job from the printer. • Select Allow Users to Print All if you want to allow users to select a jobs is controlled by the printer Confidential Print Setup (Settings > Security > Confidential Print Setup). By default, only Confidential Print - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 21
error message A SUPPORTED SMARTCARD READER HAS BEEN INSTALLED BEFORE THE PKI FIRMWARE AND APPLICATIONS The reader can not be installed until the firmware and applications have been installed. Remove the card reader, and see "Installing the firmware and applications" on page 6. A NON-SUPPORTED Lexmark - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 22
THE SMARTCARD IS NOT RECOGNIZED BY THE READER Contact the Lexmark Solutions Help Desk for assistance. "The KDC and MFP clocks are different beyond an acceptable range; check the MFP's date and time" error message This error indicates the printer clock is more than five minutes out of sync with - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 23
resolve the issue. PORT 88 IS BLOCKED BY A FIREWALL Port 88 must be opened between the printer and the KDC in order for authentication to work. "User's Realm was not found in the Kerberos Configuration file" error message This error occurs during manual login, and indicates the Windows Domain is not - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 24
normally occurs either during login (at "Getting User Info"), or during address book searches. PORT 389 (NON-SSL) OR PORT 636 (SSL) IS BLOCKED BY A FIREWALL These ports are used by the printer to communicate with the LDAP server, and must be open in order for LDAP lookups to work. Troubleshooting 24 - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 25
normally occurs during address book searches, user E-mail address searches, or user home directory searches. THE ADDRESS BOOK SETUP CONTAINS AN IP ADDRESS FOR THE LDAP SERVER 1 From the Embedded Web Server, click Settings > Network/Ports > Address Book Setup. 2 Verify that the Server Address has - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 26
Click Apply. THE LDAP LOOKUP FAILED For help resolving LDAP-related problems, see "LDAP issues" on page 24. "Email cannot be sent because you are not authorized to perform this function" error message This error usually indicates the user in not in an Active Directory group that is authorized to use - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 27
causes: "INVALID MESSAGE ID" ERROR FROM THE SMTP SERVER This problem occurs in earlier versions of the firmware, so verify that you have the correct firmware version installed. For information about finding the correct version for your printer, see "Verifying and updating the firmware" on page 6. If - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 28
adjust server and/or firewall settings to allow communication between the printer and SMTP server on port 25. Scan to Network issues "You are not authorized to use this feature" Scan to Network error message This error usually indicates the user in not in an Active Directory group that is authorized - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 29
to verify the file size" error message After scanning, the number of bytes scanned is compared to the number written to the saved file. If the user does not have read access to the file share, the file size cannot be determined. To correct this problem, grant the user read access to the file share - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 30
and file server (or servers) on port 445. "The network share name does not exist on the specified file server" error message THE PRINTER CONNECTED TO THE FILE SERVER, BUT THE SHARE NAME DOES NOT EXIST Verify that the share name is correct, and that the user has read/write access to that share - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 31
to an Active Directory group that is included in the authorization list for this function. "Unable to determine Windows User ID" error message This error indicates that PKI Authentication is not setting the userid for the session. 1 From the Embedded Web Server, click Settings > Embedded Solutions - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 32
, or the jobs were automatically deleted because they were not printed in time. Jobs are printing out immediately Most likely, the user is not selecting the print and hold feature when printing the job. Show the user how to select the print and hold feature in the print driver. Troubleshooting 32 - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 33
and commences on the date the Software Program is delivered to the original end-user. This limited warranty applies only to Software Program media purchased new from Lexmark or an Authorized Lexmark Reseller or Distributor. Lexmark will replace the Software Program should it be determined that the - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 34
the time of download. Use of user. Any transfer must include all software components, media error correction, and security testing. If you have such statutory rights, you will notify Lexmark in writing of any intended reverse engineering, reverse assembly OR OTHERWISE IN CONNECTION WITH ANY PROVISION - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 35
EVEN IF THE ABOVE-STATED REMEDIES FAIL OF THEIR ESSENTIAL PURPOSE. 10 TERM. This License Agreement is effective unless terminated or rejected. You by you and Lexmark relating to your Use of the Software Program). To the extent any Lexmark policies or programs for support services conflict with the - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 36
provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions, and DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 37
5 error message unsupported USB device 21 F file shares creating 17 editing or deleting 19 firmware updating 6 version 6 H hosts file 14 L LDAP referrals 14 Logon Screen customizing 12 logout automatic 9 M multi-homed servers hosts file for 14 N network settings finding 5 network setup page - Lexmark W850 | PKI-Enabled Device Installation and Configuration Guide - Page 38
28 port 25 blocked 27 printer clock out of sync 22 problem getting user info 24 realm on card not found 24 scanned and saved file sizes do not match 29 SMTP server does not support GSSAPI 27 SMTP server must use hostname with Kerberos 27 SMTP server requires authentication 27 unable to authenticate
PKI-Enabled Device
Installation and Configuration Guide
February 2010
www.lexmark.com
Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries.
All other trademarks are the property of their respective owners.
© 2010 Lexmark International, Inc.
All rights reserved.
740 West New Circle Road
Lexington, Kentucky 40550