Lexmark X652DE PKI-Enabled Device Installation and Configuration Guide
Lexmark X652DE - Mfp Taa Gov Compliant Manual
UPC - 734646093835
View all Lexmark X652DE manuals
Add to My Manuals
Save this manual to your list of manuals |
Lexmark X652DE manual content summary:
- Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 1
PKI-Enabled Device Installation and Configuration Guide February 2010 www.lexmark.com Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries. All other trademarks are the property of their respective owners. © - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 2
instead. Evaluation and verification of operation in conjunction with other products, programs, or services, except those expressly designated by the manufacturer, are the user's responsibility. © 2010 Lexmark International, Inc. All rights reserved. UNITED STATES GOVERNMENT RIGHTS This software and - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 3
firmware...6 Installing the authentication token application...7 Installing PKI applications...7 Configuring printer settings for use with PKI applications 8 TCP/IP settings ...8 Date and time...9 Panel login timeout...9 Certificate management ...10 Configuring Scan to Email...10 SMTP settings...10 - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 4
Notices 33 Index 37 Contents 4 - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 5
by an authorized user. Also referred to as Print Release Lite. PKI Authentication is the only required application, and must be installed and configured if you plan to attach a SmartCard reader to the printer. This guide is intended for use by Lexmark service providers, and network administrators - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 6
Setup Page. The network setup page prints, and the printer returns to the home screen. Installing the firmware and applications Verifying and updating the firmware Enabling PKI support for your printer involves three main components: • The printer firmware • The authentication token • The Lexmark - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 7
sent from the printer, securely scan documents and images to a network file share, and hold documents at the printer until released by an authorized user. The authentication application is required, but all other applications are optional and can be installed as needed. Configuring PKI-enabled - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 8
files include: Application Installation file PKI Authentication PKI S/MIME Email pkiadauth-x.x.x.fls pkiademail-x.x.x.fls PKI Scan to Network pkiadnetworkscan.x.x.x-fls PKI Held Jobs (Print Release Lite) pkiadheldjobs.x.x.x.fls The file names shown are not version-specific. Use the - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 9
Date and time In order for users to login to the printer, the printer clock must be set to within five minutes of the domain controller system clock. Printer clock settings can be updated manually, or configured to use Network Time Protocol (NTP), to automatically sync with a trusted clock-typically - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 10
. If Kerberos is not supported, select No Authentication Required. Note: If the SMTP server requires user authentication to send E-mail but does not support Kerberos, the IP address or hostname of the printer must be added to the SMTP server as a relay. Configuring PKI-enabled devices 10 - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 11
recommended setting is Print only for error. • E-mail Bit Depth-Set to 8-bit for grayscale imaging, or 1-bit for black and white. 3 Adjust other scan settings as needed. 4 Click Submit. Address Book setup Configuring the printer Address Book enables users to search your network Global Address Book - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 12
provides the login screen and authentication mechanism, and supports user authorization to the device and device functions. Logon screen The logon screen contains text and a graphic prompting the user to insert a SmartCard to access the printer. This screen can be configured to display custom text - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 13
with SmartCard and PIN. Network functions that require authentication will not be available to users. • Active Directory-Users are validated against Active Directory with SmartCard and PIN. 3 Select Use MFP Kerberos Setup to use the Kerberos settings already configured on the printer, or clear the - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 14
. Adjust them as needed to allow the printer to communicate on your network. 1 From the Embedded Web Server, click Settings > Embedded Solutions > PKI Authentication > Configure. 2 Select Disable Reverse DNS Lookups if they are not supported on your network. 3 To use only the information provided by - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 15
Solutions > PKI S/MIME Email > Configure. 2 For From Address, select either Card Email Address (SmartCard) or LDAP Lookup, to specify how the printer should retrieve the user's address when sending E-mail. Note: If manual login is allowed, you must select LDAP Lookup. 3 Under S/MIME Options, adjust - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 16
PKI Scan to Network If users will have access to Scan to Network, you must also configure PKI Scan to Network. If users will not be allowed to access Scan to Network, you can skip this section. General Settings General Settings control how text and icons are displayed on the printer home screen for - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 17
Authentication (usually Solution-specific access control 1). Note: Authorization can be further restricted when configuring specific Scan to Network file shares. 6 Continue to Default Scan Settings, or click Apply at the bottom of the screen to save changes. Default Scan Settings The default scan - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 18
-Leave blank Using a dynamic file share with the Windows User ID: - Display Name-User Share - UNC Path-\\dfs\shares\%u - Replacement Value-LDAP Lookup - LDAP - Replacement Attribute-samaccountname • Default Filename-The default filename for scanned documents. If users are not allowed to change the - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 19
. For information about the settings, see "Default Scan Settings" on page 17. 5 Click Apply. Editing or deleting a file share To edit an existing file share: 1 From the Embedded Web Server, click Settings > Embedded Solutions > PKI Scan to Network > Configure. 2 Under File Shares, highlight the name - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 20
all jobs pending for a user print automatically when they select the Held Jobs icon. • Select Show Copies Screen if you want to allow users to change the number of copies for each job from the printer. • Select Allow Users to Print All if you want to allow users to select a Print All (jobs) button - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 21
the card reader, and see "Installing the firmware and applications" on page 6. A NON-SUPPORTED SMARTCARD READER IS ATTACHED Only the OmniKey reader shipped with the MFP is supported. Remove the unsupported reader and attach the OmniKey reader. The printer home screen does not return to a locked - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 22
screen does not appear when a SmartCard is inserted THE SMARTCARD IS NOT RECOGNIZED BY THE READER Contact the Lexmark Solutions Help Desk for assistance. "The KDC and MFP clocks are different beyond an acceptable range; check the MFP's date and time" error message This error indicates the printer - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 23
BY A FIREWALL Port 88 must be opened between the printer and the KDC in order for authentication to work. "User's Realm was not found in the Kerberos Configuration file" error message This error occurs during manual login, and indicates the Windows Domain is not specified in the Kerberos settings - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 24
normally occurs either during login (at "Getting User Info"), or during address book searches. PORT 389 (NON-SSL) OR PORT 636 (SSL) IS BLOCKED BY A FIREWALL These ports are used by the printer to communicate with the LDAP server, and must be open in order for LDAP lookups to work. Troubleshooting 24 - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 25
ON THE NETWORK The printer uses reverse DNS lookups to verify IP addresses. If reverse lookup is disabled on the network: 1 From the Embedded Web Server, click Settings > Embedded Solutions > PKI Authentication > Configure. 2 Select Disable Reverse DNS Lookups. 3 Click Apply. LDAP REFERRALS ARE - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 26
2 For From Address, select LDAP Lookup. 3 Click Apply. THE LDAP LOOKUP FAILED For help resolving LDAP-related problems, see "LDAP issues" on page 24. "Email cannot be sent because you are not authorized to perform this function" error message This error usually indicates the user in not in an Active - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 27
version installed. For information about finding the correct version for your printer, see "Verifying and updating the firmware" on page 6. If you have verified or updated your firmware and still experience this problem, contact the Lexmark Solutions Help Desk. "501 5.5.4 INVALID ADDRESS" ERROR FROM - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 28
group that is included in the authorization list for the needed share (or shares). "An LDAP error occurred trying to retrieve the selected file share destination" error message THE LDAP LOOKUP FAILED For information about LDAP-related issues, see "LDAP issues" on page 24. Troubleshooting 28 - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 29
size" error message After scanning, the number of bytes scanned is compared to the number written to the saved file. If the user does not have read access to the file share, the file size cannot be determined. To correct this problem, grant the user read access to the file share. Troubleshooting 29 - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 30
(or servers) on port 445. "The network share name does not exist on the specified file server" error message THE PRINTER CONNECTED TO THE FILE SERVER, BUT THE SHARE NAME DOES NOT EXIST Verify that the share name is correct, and that the user has read/write access to that share. Troubleshooting 30 - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 31
Normally, LDAP lookup is used to set this value. 1 From the Embedded Web Server, click Settings > Embedded Solutions > PKI Authentication > Configure. 2 Under User Session and Access Control, select LDAP Lookup for the Session Userid. 3 Click Apply to save any needed changes. Troubleshooting 31 - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 32
, or the jobs were automatically deleted because they were not printed in time. Jobs are printing out immediately Most likely, the user is not selecting the print and hold feature when printing the job. Show the user how to select the print and hold feature in the print driver. Troubleshooting 32 - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 33
of any Software Program installed on or provided by Lexmark for use in connection with your Lexmark product. The term "Software Program" includes machine-readable instructions, audio/visual content (such as images and recordings), and associated media, printed materials and electronic documentation - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 34
terms at the time of download. Use of the Freeware by you shall be governed entirely by the terms and conditions of such license. 4 TRANSFER. You may transfer the Software Program to another end-user. Any transfer must include all software components, media, printed materials, and this License - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 35
LIMITATIONS APPLY EVEN IF THE ABOVE-STATED REMEDIES FAIL OF THEIR ESSENTIAL PURPOSE. 10 TERM. This License Agreement is effective unless terminated you and Lexmark relating to your Use of the Software Program). To the extent any Lexmark policies or programs for support services conflict with - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 36
provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions, and DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 37
5 network setup page printing 5 notices 2 P panel login timeout 9 PKI applications application descriptions 5 installing 7 PKI Authentication Active Directory configuration 13 logon screen settings 12 user session and access control 14 PKI Held Jobs configuring 19 PKI S/MIME configuring 15 PKI Scan - Lexmark X652DE | PKI-Enabled Device Installation and Configuration Guide - Page 38
to use Scan to Network 28 port 25 blocked 27 printer clock out of sync 22 problem getting user info 24 realm on card not found 24 scanned and saved file sizes do not match 29 SMTP server does not support GSSAPI 27 SMTP server must use hostname with Kerberos 27 SMTP server requires authentication 27
PKI-Enabled Device
Installation and Configuration Guide
February 2010
www.lexmark.com
Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries.
All other trademarks are the property of their respective owners.
© 2010 Lexmark International, Inc.
All rights reserved.
740 West New Circle Road
Lexington, Kentucky 40550