Lexmark X864 PKI-Enabled Device Installation and Configuration Guide
Lexmark X864 Manual
View all Lexmark X864 manuals
Add to My Manuals
Save this manual to your list of manuals |
Lexmark X864 manual content summary:
- Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 1
PKI-Enabled Device Installation and Configuration Guide February 2010 www.lexmark.com Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries. All other trademarks are the property of their respective owners. © - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 2
may be made at any time. For Lexmark technical support, visit support.lexmark.com. For information on supplies and downloads, visit www.lexmark.com. If you don , or services, except those expressly designated by the manufacturer, are the user's responsibility. © 2010 Lexmark International, Inc - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 3
devices 5 Overview...5 Supported devices ...5 Before configuring the printer ...5 Installing the firmware and applications...6 Verifying and updating the firmware...6 Installing the authentication token application...7 Installing PKI applications...7 Configuring printer settings for use with PKI - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 4
Notices 33 Index 37 Contents 4 - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 5
the printer. This guide is intended for use by Lexmark service providers, and network administrators responsible for the management of security appliances and software in their network environment. For information about physically setting up the printer or using printer features, see the User Guide - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 6
Page. The network setup page prints, and the printer returns to the home screen. Installing the firmware and applications Verifying and updating the firmware Enabling PKI support for your printer involves three main components: • The printer firmware • The authentication token • The Lexmark PKI - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 7
The PKI applications enable users to sign and encrypt E-mail messages sent from the printer, securely scan documents and images to a network file share, and hold documents at the printer until released by an authorized user. The authentication application is required, but all other applications - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 8
Embedded Web Server, click Settings > Network/Ports > TCP/IP. 2 Under TCP/IP: • Verify the Domain Name. Normally, the domain will be the same one assigned to user workstations. • If using a static IP address, verify the WINS Server Address, and the DNS Server Address. • If the printer is located in - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 9
Date and time In order for users to login to the printer, the printer clock must be set to within five minutes of the domain controller system clock. Printer clock settings can be updated manually, or configured to use Network Time Protocol (NTP), to automatically sync with a trusted clock-typically - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 10
file. 1 From the Embedded Web Server, click Settings > Security > Certificate Management > Certificate Authority supported, select No Authentication Required. Note: If the SMTP server requires user authentication to send E-mail but does not support Kerberos, the IP address or hostname of the printer - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 11
-The recommended setting is Print only for error. • E-mail Bit Depth-Set to 8-bit for grayscale imaging, or 1-bit for black and white. 3 Adjust other scan settings as needed. 4 Click Submit. Address Book setup Configuring the printer Address Book enables users to search your network Global Address - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 12
9 Set the Search Timeout, to specify the maximum time allowed Settings > Embedded Solutions > PKI Authentication > Configure. 2 For Logon Type, select whether users can access the printer using Card Only (SmartCard), Card or Manual Login, or Manual Login Only (userid/password). 3 Select whether Card - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 13
with SmartCard and PIN. Network functions that require authentication will not be available to users. • Active Directory-Users are validated against Active Directory with SmartCard and PIN. 3 Select Use MFP Kerberos Setup to use the Kerberos settings already configured on the printer, or clear the - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 14
authorize users. Solution-specific access control 1 is the default and recommended setting. 8 Continue to Advanced Settings, or click Apply at the bottom of the screen to save changes. Advanced Settings Not all networks will require the advanced settings. Adjust them as needed to allow the printer - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 15
how the printer should retrieve the user's address when sending E-mail. Note: If manual login is allowed, you must select LDAP Lookup. 3 Under S/MIME Options, adjust the following settings: • Sign Email- Select Disabled, Prompt User, or Always Sign to determine whether outgoing E-mail messages will - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 16
to require users to choose at least one of the two options when sending E-mail. • Non-Repudiation Required for Signing-If selected, the certificate used for signing E-mail messages must have the non-repudiation bit set. • Encryption Algorithm-Select one of the available encryption sets; Triple DES - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 17
be used to authorize user groups. If groups are not being used, select the same setting used for Device Access Control in PKI Authentication (usually Solution-specific access control 1). Note: Authorization can be further restricted when configuring specific Scan to Network file shares. 6 Continue - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 18
Using a static file share: - Display Name-Network Share - UNC Path-\\fileserver\CACNetworkShare - Replacement Value-User Principal Name - LDAP - Replacement Attribute-Leave blank Using a dynamic file share with the Windows User ID: - Display Name-User Share - UNC Path-\\dfs\shares\%u - Replacement - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 19
file share: 1 From the Embedded Web Server, click Settings > Embedded Solutions > PKI Scan to Network > Configure. 2 Under File Shares, highlight the name user groups. If groups are not being used, select the same setting used for Device Access Control in PKI Authentication (usually Solution-specific - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 20
can also be set to expire, either at the same time Confidential jobs expire, or at another time: • Verify Job Expiration-Can be set to Off, Same Settings as needed: • Select Require All Jobs to be Held if you want to require all jobs to remain on the printer until released by an authorized user, - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 21
Troubleshooting Login Issues "Unsupported USB Device" error message A SUPPORTED SMARTCARD READER HAS BEEN INSTALLED BEFORE THE PKI FIRMWARE AND APPLICATIONS The reader can not be installed until the firmware and applications have been installed. Remove the card reader, and see "Installing the - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 22
MFP's date and time" error message This error indicates the printer clock is more than five minutes out of sync with the domain controller clock. Verify the date and time on the printer: 1 From the Embedded Web Server, click Settings > Security > Set Date and Time. 2 If you have manually configured - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 23
must be opened between the printer and the KDC in order for authentication to work. "User's Realm was not found in the Kerberos Configuration file" error message This error occurs during manual login, and indicates the Windows Domain is not specified in the Kerberos settings. 1 From the Embedded Web - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 24
"Realm on the card was not found in the Kerberos Configuration File" error message This error occurs during SmartCard login. The PKI Authentication solution settings do not support multiple Kerberos Realm entries. If multiple realms are needed, you must create and upload a krbf5.conf file, - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 25
Submit to save any needed changes. PORT 389 IS BEING USED, BUT THE LDAP SERVER REQUIRES SSL 1 From the Embedded Web Server, click Settings > Network/Ports > Address Book Setup. 2 Verify or adjust the following settings: • Server Port-Should be 636. • Use SSL/TLS-Select SSL/TLS. • LDAP Certificate - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 26
be digitally signed when a manual login is performed" error message E-mail can only be digitally signed if the user logs in with a SmartCard. Verify that PKI S/MIME Email is not configured to require that E-mail be signed. 1 From the Embedded Web Server, click Settings > Embedded Solutions > PKI - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 27
or updated your firmware and still experience this problem, contact the Lexmark Solutions Help Desk. "501 5.5.4 INVALID ADDRESS" ERROR FROM THE SMTP SERVER The domain name on the device has not been configured correctly: 1 From the Embedded Web Server, click Settings > Network/Ports > TCP/IP - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 28
BLOCKED You must adjust server and/or firewall settings to allow communication between the printer and SMTP server on port 25. Scan to Network issues "You are not authorized to use this feature" Scan to Network error message This error usually indicates the user in not in an Active Directory group - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 29
size" error message After scanning, the number of bytes scanned is compared to the number written to the saved file. If the user does not have read access to the file share, the file size cannot be determined. To correct this problem, grant the user read access to the file share. Troubleshooting 29 - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 30
(or servers) on port 445. "The network share name does not exist on the specified file server" error message THE PRINTER CONNECTED TO THE FILE SERVER, BUT THE SHARE NAME DOES NOT EXIST Verify that the share name is correct, and that the user has read/write access to that share. Troubleshooting 30 - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 31
, or the credential provided by manual login is used to set the userid (userid). • LDAP Lookup-The userid is retrieved from Active Directory. 3 Click Apply to save any needed changes. "There are no jobs available for [USER]" error message PKI AUTHENTICATION IS NOT SETTING THE CORRECT USERID Normally - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 32
, or the jobs were automatically deleted because they were not printed in time. Jobs are printing out immediately Most likely, the user is not selecting the print and hold feature when printing the job. Show the user how to select the print and hold feature in the print driver. Troubleshooting 32 - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 33
AGREE, DO NOT INSTALL, COPY, DOWNLOAD, OR OTHERWISE USE THE SOFTWARE PROGRAM. time to time, that imply warranties or conditions or impose obligations on Lexmark price paid for the Software Program. 3 LICENSE GRANT. Lexmark of authorized users to the number specified in your agreement with Lexmark. You - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 34
shrink-wrap license, or electronic license terms at the time of download. Use of the Freeware by you shall be governed entirely by the terms and conditions of such license. 4 TRANSFER. You may transfer the Software Program to another end-user. Any transfer must include all software components, media - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 35
reject or terminate this license at any time by destroying all copies of the Software by the Government is subject to restrictions as set forth in subparagraph (c) (1) (ii) of Lexmark relating to your Use of the Software Program). To the extent any Lexmark policies or programs for support services - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 36
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 37
specified 30 Invalid Message ID error 27 jobs not being held at printer 32 jobs print immediately 32 KDC and MFP clocks out of sync 22 KDC did not respond within the required time 23 Kerberos file not uploaded 22 LDAP lookup failure 25 LDAP lookups take too long 24 login hangs getting user info 24 - Lexmark X864 | PKI-Enabled Device Installation and Configuration Guide - Page 38
Scan to Network 28 port 25 blocked 27 printer clock out of sync 22 problem getting user info 24 realm on card not found 24 scanned and saved file sizes do not match 29 SMTP server does not support GSSAPI 27 SMTP server must use hostname with Kerberos 27 SMTP server requires authentication 27 unable
PKI-Enabled Device
Installation and Configuration Guide
February 2010
www.lexmark.com
Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries.
All other trademarks are the property of their respective owners.
© 2010 Lexmark International, Inc.
All rights reserved.
740 West New Circle Road
Lexington, Kentucky 40550