Lexmark X782e PKI-Enabled MFP Installation and Configuration Guide - Page 54

LDAP Issues



Version 2.0.0
Page 48
Windows domain in lower case to the Kerberos Domain setting. For example, if the user’s domain is “x.y.z”, set the Kerberos Domain to “mil,.mil.x.y.z”.
Resolution: If using a Kerberos Configuration File, add a mapping to the “domain_realm” section that maps from the lower-case Windows domain to the uppercase realm, similar to the existing mapping for the mil domain.

Error Message/Symptom: Realm on the card was not found in the Kerberos Configuration File.
Cause: This error occurs during a card login and indicates the Kerberos Realm referred to does not exist in the Kerberos Configuration File.
Resolution: The PKI/AD Authentication solutions’ Kerberos settings cannot be used to support multiple Kerberos Realms. Refer to the PKI Pre-Installation Guide for creating a Kerberos Configuration File.
Resolution: A Kerberos Configuration File is already being used; the “realms” section of the configuration file needs to be updated to include the missing realm.

Error Message/Symptom: Client (“name”) unknown.
Cause: The KDC being used to authenticate the user does not know the User Principal Name (12345678@mil) specified in the error message.
Resolution: Verify the KDC specified in the Kerberos settings is the correct one to be using.

Error Message/Symptom: Login hangs for a long time at “Getting User Info…”
Cause: The LDAP lookup is taking a long time to complete.
Resolution: See the LDAP Troubleshooting section below.

Error Message/Symptom: User is almost immediately logged out after logging in.
Cause: The “Auto Log-Out” timeout is set too short.
Resolution: See section 3.5 to configure this setting.
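
The following check covers the two Kerberos Configuration File problems in the rows above: a card realm missing from “realms”, and a Windows domain with no lower-case-to-uppercase mapping in “domain_realm”. It is an added example, not part of the Lexmark guide; the sample file, the realm and host names, the function names and the suffix-matching rule are assumptions for illustration.

```python
import re
# Constructed sample Kerberos Configuration File; all realm and host names are placeholders.
SAMPLE_KRB5_CONF = """
[realms]
    EXAMPLE.MIL = {
        kdc = kdc1.example.mil
    }
[domain_realm]
    .mil = EXAMPLE.MIL
    mil = EXAMPLE.MIL
    corp.example.test = corp.example.test   # constructed mistake: realm not upper case
"""

def parse_krb5(text):
    """Return (realm names defined in [realms], {domain: realm} from [domain_realm])."""
    realms, mapping, section, depth = set(), {}, None, 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and padding
        if not line:
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header and depth == 0:
            section = header.group(1)
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        if section == "realms" and depth == 0 and value.startswith("{"):
            realms.add(key)                          # top-level "REALM = {" entry
        elif section == "domain_realm" and value:
            mapping[key] = value
        depth += line.count("{") - line.count("}")   # track nesting inside a realm
    return realms, mapping

def check_login(text, card_realm, windows_domain):
    """List the configuration problems behind the realm/domain errors described above."""
    realms, mapping = parse_krb5(text)
    problems = []
    if card_realm not in realms:
        problems.append(f"realm {card_realm} missing from [realms]")
    domain = windows_domain.lower()
    # Assumption: exact match first, then dotted suffixes (".x.y.z", ".y.z", ".z").
    candidates = [domain] + ["." + domain.split(".", i)[-1] for i in range(domain.count(".") + 1)]
    target = next((mapping[c] for c in candidates if c in mapping), None)
    if target is None:
        problems.append(f"no [domain_realm] mapping for {domain}")
    elif target != target.upper():
        problems.append(f"{domain} maps to {target}, which is not upper case")
    elif target not in realms:
        problems.append(f"{domain} maps to {target}, which is not in [realms]")
    return problems
```

An empty list from `check_login` means the realm on the card and the user's domain both resolve in the file; each string in a non-empty list names the section that needs the edit.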

8.2 LDAP Issues

Error Message/Symptom: LDAP lookups (at “Getting User Info” during login or searching the address book) take a long time and then fail
Possible Cause/Resolution:
Cause: The user’s credentials are being used to connect to the LDAP server but the hostname for the LDAP server was not used.
Resolution: When the user’s credentials are used to connect to the LDAP server, the hostname of the LDAP server must be used instead of the IP address. Check the LDAP configuration.
Cause: Port 389 (non-SSL) or Port 636 (SSL) is