Lexmark X792 Common Criteria Installation Supplement and Administrator Guide
Lexmark X792 Manual
View all Lexmark X792 manuals
Add to My Manuals
Save this manual to your list of manuals |
Lexmark X792 manual content summary:
- Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 1
Common Criteria Installation Supplement and Administrator Guide November 2011 www.lexmark.com Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries. All other trademarks are the property of their respective - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 2
of operation in conjunction with other products, programs, or services, except those expressly designated by the manufacturer, are the user's responsibility. © 2011 Lexmark International, Inc. All rights reserved. UNITED STATES GOVERNMENT RIGHTS This software and any accompanying documentation - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 3
18 Other settings and functions...19 Network Time Protocol...19 Kerberos...19 Security audit logging ...20 E-mail ...22 Fax...24 Configuring security reset jumper behavior ...25 User access...25 Creating user accounts through the EWS ...25 Configuring LDAP+GSSAPI...27 Configuring Common Access Card - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 4
functions using the EWS 34 Troubleshooting 37 Login issues...37 "Unsupported USB Device" error message ...37 The printer home screen fails to return to a locked state when not in use 37 Login screen does not appear when a Smart Card is inserted 37 "The KDC and MFP clocks are different beyond an - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 5
see the User Guide that came with your MFP. For information about using the MFP touch screen, see"Appendix A: Using the touch screen" on page 44. Supported devices This guide describes how to implement an evaluated configuration on the following models: • Lexmark X548 • Lexmark XS548 • Lexmark X792 - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 6
processing functions are disabled at the factory. 2 Turn the MFP on using the power switch. 3 From the home screen, touch > Reports > Menu Settings Page. Several pages of device information will print. 4 In the Installed Features section, verify that no Download Emulator (DLE) option cards have been - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 7
removed, and the security jumper cannot be accessed without causing visible damage to the device. Note: If you are using a Lexmark 6500e scanner with a T650, T652, T654, or T656 printer, then you must attach a lock to both the scanner and the printer. 1 Verify that the MFP case is closed. 2 Locate - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 8
message appears: Contents will be lost. Continue? • Touch Yes to proceed with disk wiping and encryption. A status bar will indicate the progress of the encryption task. Disk encryption can take several hours to complete. After the disk has been encrypted, the MFP will return to the Enable/Disable - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 9
for deletion. Multi‑pass wiping is compliant with the DoD 5220.22‑M standard for securely erasing data from a hard disk. 1 From the home screen, touch > Security > Disk Wiping. 2 Set Wiping Mode to Auto. 3 Set Automatic Method to Multi‑pass. 4 Touch Submit. Enabling the backup password (optional - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 10
to each device function to control access to that function. The MFP supports a maximum of 250 user accounts and 32 user groups. Step 1: Defining groups 1 From the home screen, touch > Security > Edit Security Setups > Edit Building Blocks > Internal Accounts > General Settings > Groups for Internal - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 11
Setups > Edit Building Blocks > Internal Accounts > 2 On the General Settings screen, set Required User Credentials to User ID and password, and then touch Submit. The MFP a variation of the user ID. 7 Retype the password, and then touch Done. 8 Type the user's e-mail address (example: "jsmith@ - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 12
Security Setups > Edit Security Templates. • To remove all security templates, touch Delete List. on page 47. 1 From the home screen, touch > Security > Edit Security Setups > Disabled-This disables access to a function for all users and administrators. • Not applicable-The function has been disabled - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 13
users only Address Book Authenticated users only Create Profiles Disabled Create Bookmarks at the Device Disabled Create Bookmarks Remotely Disabled Flash Drive Print Not applicable-USB port disabled Flash Drive Color Printing Not applicable-USB port disabled Flash Drive Scan - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 14
14 Access control Held Jobs Access Use Profiles Change Language from Home Screen Cancel Jobs at the Device PictBridge Printing Solution 1 Solutions 2‑10 New Solutions Level of protection Disabled Authenticated users only Authenticated users only Administrator access only Not applicable-USB port - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 15
menus. Note: If the device IP address or host name is not readily apparent, then you can find it by printing a network setup page. Printing a network setup page From the home screen, touch > Reports > Network Setup Page. After the network setup page prints, the MFP will return to the home screen - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 16
:255.255.255.255 or a DNS address using the format DNS:ldap.company.com. Leave this field blank if you want to use the IPv4 address. 4 Click Generate New Certificate. Note: All fields accept a maximum of 128 characters, except where noted. Viewing, downloading, and deleting a certificate 1 From the - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 17
Download Signing Request-Download see "Using the Embedded Web Server" on page 15. 2 Click New. 3 Click IP packets as they are transmitted over the network between devices. It does not handle authentication or 7 Type the IP address of the client device you want to connect to the MFP. If you are using - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 18
Setup screen or the home icon to return to the home screen. Shutting down port access Disabling virtual ports helps prevent intruders from accessing the MFP using a network connection. For information about accessing the EWS, see "Using the Embedded Web Server" on page 15. 1 From the Embedded - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 19
field, type the IP address or host name of the NTP server, and then touch Submit. 4 If the NTP server requires authentication, then set Enable Authentication to On. 5 Touch Submit. Kerberos If you will be using LDAP+GSSAPI or Common Access Cards to control user access to the MFP, then you must first - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 20
the Embedded Web Server" on page 15. 2 Under Advanced Security Setup, at Step 1, click that it is functional. Notes: • Click Delete File to remove the Kerberos configuration file Security Setups > Edit Building Blocks > Simple Kerberos Setup. 2 Type the KDC (Key Distribution Center) IP address or - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 21
addresses (separated by commas) in the "Admin's e‑mail address" field, and then choose how events will be handled: • Select E‑mail log cleared alert if you want the MFP to send an e-mail when the Delete Submit to save changes, and then follow the Setup E-mail Server link to configure SMTP settings. - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 22
must be blank. • Password-This must be blank. • Path-This must be "/". • File Name-This must be "image" (default). • Web Link-This must be blank. SMTP settings 1 From the Embedded Web Server, click Settings > E-mail/FTP Settings > SMTP Setup. 2 Under SMTP Setup, type the IP address or host name of - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 23
E-mail Settings screen. 4 Set E‑mail images sent as to Attachment. 5 Touch Submit. SMTP settings 1 From the home screen, touch > Network/Ports > SMTP Setup. 2 Touch the Primary SMTP Gateway field, type the IP address or host name of the primary SMTP gateway the MFP will use for sending e-mail, and - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 24
for your network in the "Device Userid," "Device password," and "Kerberos 5 Realm" or "NTLM Domain" fields. 12 Touch Submit. Fax If your MFP includes fax capabilities and is attached to a phone line, then you must disable fax forwarding, enable held faxes, and disable driver to fax. Using the - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 25
MFP from the evaluated configuration. 1 From the home screen, touch > Security > Miscellaneous Security Settings. 2 For Security Reset Jumper, select any of the following: • Access controls = "No security"-This removes security only from function access controls. • Reset factory security defaults - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 26
will be given access to black‑and‑white printing only, administrative office staff will be able to print in black and white and send faxes, and employees in the marketing department will have access to black‑and‑white printing, color printing, and faxing. Scenario 1: Creating groups based on - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 27
authentication and authorization services already deployed on the network. User credentials and group designations can be pulled from your existing system, making access to the MFP as seamless as other network services. Supported devices can store a maximum of five LDAP+GSSAPI configurations. Each - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 28
User ID and Password or User ID to specify which credentials a user must provide when attempting to access a function protected by the LDAP building block. Device Credentials (optional) • Use Active Directory Device Credentials-Click to select or clear. When the printer authenticates to the LDAP - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 29
select or clear. When the printer authenticates to the LDAP server, it can provide Active Directory device credentials in addition to supporting anonymous binding or the specified credentials in the MFP's Kerberos Username and MFP's Password fields. • MFP's Kerberos Username-Type the distinguished - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 30
to insert a Common Access Card to access the MFP. 5 Select whether the Card PIN can be numeric only or alphanumeric. 6 If you want to, provide a custom Logon Screen Text with special instructions for users or a custom Logon Screen Image. Custom screen images must be in GIF format and must not be - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 31
click Browse to locate a Hosts File with host name-IP address mappings. 16 Select the Wait for Active Network check box to display Waiting for network on the touch screen after the MFP is turned on. This message disappears when the network becomes available. 17 Click Apply. Note: You must install at - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 32
device function to control which users are permitted to access that page 30. 6 Click Add authorization, and then select an option from the Authorization Setup list. This list will be populated with the authentication building blocks that have been configured on the MFP (internal accounts, LDAP - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 33
to use. To view the default icon image, click View Current Value. 5 For Access Control, select Solution‑specific access control 1. 6 Select from the following Release Options to specify how users will be able to release print jobs: • Release Method-Select User Selects job(s) to print if you want to - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 34
the EWS Access to MFP functions can be restricted by applying security templates to individual functions. A list of access controls and what they do can be found in "Access controls" on page 47. 1 From the Embedded Web Server, click Settings > Security > Security Setup. Note: For information about - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 35
Function Access Access control Address Book Create Profiles Create Bookmarks at the Device Create Bookmarks Remotely Flash Drive Print Flash Drive Color Printing Flash Drive Scan Copy Function Copy Color Printing Color Dropout E‑mail Function Fax Function Release Held Faxes FTP Function Held Jobs - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 36
36 Access control Use Profiles Change Language from Home Screen Cancel Jobs at the Device PictBridge Printing Level of protection Authenticated users only Authenticated users only Administrator access only Not applicable-USB port disabled Device Solutions Access control Solution 1 Solutions 2-10 - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 37
37 Troubleshooting Login issues "Unsupported USB Device" error message MAKE SURE A SUPPORTED SMART CARD READER IS ATTACHED Only the OmniKey reader that came with the printer is supported. Remove the unsupported reader and attach the OmniKey reader. The printer home screen fails to return to a locked - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 38
38 "The KDC and MFP clocks are different beyond an acceptable range; check the MFP's date and time" error message This error indicates that the printer clock is more than five minutes out of sync with the domain controller clock. VERIFY THE DATE AND TIME ON THE PRINTER 1 From the Embedded Web Server - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 39
88 IS NOT BLOCKED BY A FIREWALL Port 88 must be opened between the printer and the KDC for authentication to work. "User's Realm was not found in the Kerberos Configuration file" error message MAKE SURE THE WINDOWS DOMAIN IS SPECIFIED IN THE KERBEROS SETTINGS 1 From the Embedded Web Server, click - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 40
has been added to the file correctly. "Client [NAME] unknown" error message This error indicates that the KDC being used to authenticate the user does not recognize the User Principal Name specified in the error message. VERIFY THAT THE DOMAIN CONTROLLER INFORMATION IS CORRECT 1 From the Embedded - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 41
during address book searches, user e-mail address searches, or user home directory searches. Try one or more of the following: VERIFY THAT THE ADDRESS BOOK SETUP CONTAINS THE HOST NAME FOR THE LDAP SERVER 1 From the Embedded Web Server, click Settings > Network/Ports > Address Book Setup. 2 Verify - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 42
Smart Card principal name or the credential provided by manual login is used to set the user ID. • LDAP Lookup-The user ID is retrieved from Active Directory. 3 Click Apply to save any needed changes. "There are no jobs available for [USER]" error message Try one or more of the following: MAKE SURE - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 43
then select the check box next to the application name, and then click Start. • If PKI Held Jobs does not appear in the list of installed solutions, then contact the Lexmark Solutions Help Desk for assistance. MAKE SURE ALL JOBS ARE REQUIRED TO BE HELD 1 From the Embedded Web Server, click Settings - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 44
the front of the MFP is touch‑sensitive and additional icons): Copy Release Held Faxes E-mail @ Search FTP Held one or more alphanumeric entries, such as server addresses, user names, and passwords. When an alphanumeric entry is needed, a keyboard appears: Password ~ 1! @# 23 $ 4 5% ^ 6 - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 45
you touch Caps again. Password ~ 1! @# $ %^ 23456 &* 7 8 ( 9 ) 0 _ + - = @ QWE RT Y U I O P [{ ]} \| : " Caps A S D F G H J K L ; Clear Shift Z X C V B N M ? , . / Backspace .com .org Space Cancel Done Touch Backspace to delete a single character or - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 46
used in this guide CA CAC DC DHCP DNS DoD EAL EWS GIF GSSAPI HTTP HTTPS IP IPSec IPv4 IPv6 KDC LDAP MFP NTLM NTP OCSP PEM PKI PSK RFC SMTP SSL TCP TLS UDP USB Certificate Authority Common Access Card Domain Controller Dynamic Host Configuration Protocol Domain Name Service Department of Defense - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 47
of the Settings menu from the Embedded Web Server. NPA Network Adapter Setting Changes When disabled, all network adapter NPA settings change commands are ignored. Option Card Configuration at the Device This controls access to the Option Card Configuration section of the Settings menu from the - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 48
address book searches in the Scan to Fax and Scan to E‑mail functions. Cancel Jobs at the Device This controls the ability to cancel jobs from the printer control panel. Change Language from Home Screen This controls access to the Change Language feature from the printer control panel. Color - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 49
new profiles. This controls access to the Scan to E‑mail function. This controls access to the Scan to Fax function. This controls the ability to print color from a flash drive. Users who are denied will have their print jobs printed in black and white. This controls the ability to update firmware - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 50
50 Appendix D: Using Common Access Cards Using a Common Access Card to access the printer 1 Insert your Common Access Card into the card reader attached to the printer. 2 When prompted, enter your PIN using the keypad that appears on the touch screen, and then touch Next. It may take a moment for - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 51
Program installed on or provided by Lexmark for use in connection with your Lexmark product. The term "Software Program" includes machine-readable instructions, audio/visual content (such as images and recordings), and associated media, printed materials and electronic documentation. BY USING - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 52
terms at the time of download. Use of the Freeware by you shall be governed entirely by the terms and conditions of such license. 4 TRANSFER. You may transfer the Software Program to another end-user. Any transfer must include all software components, media, printed materials, and this License - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 53
14 UNITED support services performed with respect to the Software Program and requested by you. Lexmark agrees not to use this information in a form that personally identifies you except to the extent necessary to provide such services. 16 EXPORT RESTRICTIONS. You may not (a) acquire, ship, transfer - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 54
LDAP+GSSAPI configuring 27 logging configuring the security audit log 20 N network protocols allowed 18 network settings finding 15 network setup page printing 15 Network pre‑configuration tasks verifying firmware 6 verifying physical interfaces 6 S security reset jumper on motherboard 25 security - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 55
held at printer 43 jobs print immediately 43 KDC and MFP clocks out of sync 38 KDC did not respond within the required time 39 Kerberos file not uploaded 38 LDAP lookup failure 41 LDAP lookups take too long 41 login does not respond while getting user info 40 login screen does not appear when card - Lexmark X792 | Common Criteria Installation Supplement and Administrator Guide - Page 56
PN 3065326 Rev. 001 www.lexmark.com *3065326*
Common Criteria
Installation Supplement and Administrator Guide
November 2011
www.lexmark.com
Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries.
All other trademarks are the property of their respective owners.
© 2011 Lexmark International, Inc.
All rights reserved.
740 West New Circle Road
Lexington, Kentucky 40550
3065326-001