Lexmark X782e PKI-Enabled MFP Installation and Configuration Guide - Page 54
LDAP Issues
View all Lexmark X782e manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 54 highlights
Realm on the card was not found in the Kerberos Configuration File. Client ("name") unknown. Login hangs for a long time at "Getting User Info..." User is almost immediately logged out after logging in. Windows domain in lower case to the Kerberos Domain setting. For example, if the user's domain is "x.y.z", set the Kerberos Domain to "mil,.mil.x.y.z". Resolution: If using a Kerberos Configuration File, add a mapping to the "domain_realm" section, the maps from the lower case windows domain to the uppercase realm - similar to the existing mapping for the mil domain. Cause: This error occurs during a card login and indicates the Kerberos Realm referred to does not exist in the Kerberos Configuration File. Resolution: The PKI/AD Authentication solutions' Kerberos settings cannot be used to support multiple Kerberos Realms. Refer to the PKI PreInstallation Guide for creating a Kerberos Configuration File. Resolution: A Kerberos Configuration File is already being used; the "realms" section of the configuration file needs to be updated to include the missing realm. Cause: The KDC being used to authenticate the user does not know the User Principal Name (12345678@mil) specified in the error message. Resolution: Verify the KDC specified in the Kerberos settings is the correct one to be using. Cause: The LDAP lookup is taking a long time to complete. Resolution: See the LDAP Troubleshooting section below. Cause: The "Auto Log-Out" timeout is set too short. Resolution: See section 3.5 to configure this setting. 8.2 LDAP Issues Error Message/Symptom LDAP lookups (at "Getting User Info" during login or searching the address book) take a long time and then fail Possible Cause/Resolution Cause: The user's credentials are being used to connect to the LDAP server but the hostname for the LDAP server was not used. Resolution: When the user's credentials are used to connect to the LDAP server, the hostname of the LDAP server must be used instead of the IP address. Check the LDAP configuration. Cause: Port 389 (non-SSL) or Port 636 (SSL) is Version 2.0.0 Page 48