Lexmark X864 PKI-Enabled Device Installation and Configuration Guide - Page 12

3

Type the Server Port that will be used for address book lookups. The most commonly-used values are:

Non-SSL connections

—Port 389 (the default setting on the printer)

SSL connections

—Port 636

Non-SSL Global Catalog

—Port 3268

SSL Global Catalog

—Port 3269

4

Select whether or not

LDAP Certificate Validation

will be required.

5

Select

Use GSSAPI

.

6

Type a name for the Mail Attribute (usually “mail”).

7

Leave the Fax Number Attribute at the default value.

8

Type one or more Search Base values to be used when querying the LDAP directory. Use commas to separate

multiple entries. Example: “ou=installation,dc=branch,dc=mil”.

9

Set the Search Timeout, to specify the maximum time allowed for each LDAP query.

10

Select the combination of LDAP attributes used to find the Displayed Name for an E-mail address (also referred

to as the “friendly” name). If in doubt, leave the default value.

11

Type a number for the Max Search Results to be returned from an LDAP query.

12

Select

Use user credentials

.

13

Click

Submit

.

Configuring PKI Authentication

PKI Authentication must be configured and running for other PKI applications to work. It provides the login screen

and authentication mechanism, and supports user authorization to the device and device functions.

Logon screen

The logon screen contains text and a graphic prompting the user to insert a SmartCard to access the printer. This

screen can be configured to display custom text or a custom image, or icons for options such as Copy and Fax.

1

From the Embedded Web Server, click

Settings

>

Embedded Solutions

>

PKI Authentication

>

Configure

.

2

For Logon Type, select whether users can access the printer using

Card Only

(SmartCard),

Card or Manual

Login

, or

Manual Login Only

(userid/password).

3

Select whether Card Pin must be

Numeric Only

, or can be

Alphanumeric

.

4

If desired, provide custom

Logon Screen Text

, with special instruction for users, or a custom

Logon Screen

Image

. Custom screen images must be in GIF format, and no larger than 800 x 320 pixels.

5

Select

Allow Copy without Card

if you want to enable users to make copies without authenticating to the printer.

6

Select

Allow Fax without Card

if you want to enable users to send faxes without authenticating to the printer.

7

Continue to Active Directory Configuration, or click

Apply

at the bottom of the screen to save changes.

Configuring PKI-enabled devices

12

Section	Page
Contents	3
Configuring PKI-enabled devices	5
Overview	5
Supported devices	5
Before configuring the printer	5
Installing the firmware and applications	6
Verifying and updating the firmware	6
Installing the authentication token application	7
Installing PKI applications	7
Configuring printer settings for use with PKI applications	8
TCP/IP settings	8
Date and time	9
Panel login timeout	9
Certificate management	10
Configuring Scan to Email	10
SMTP settings	10
E-mail settings	11
Address Book setup	11
Configuring PKI Authentication	12
Logon screen	12
Active Directory Configuration	13
User Session and Access Control	14
Advanced Settings	14
Configuring PKI S/MIME Email	15
PKI S/MIME settings	15
Configuring PKI Scan to Network	16
General Settings	16
Default Scan Settings	17
Creating file shares	17
Editing or deleting a file share	19
Configuring PKI Held Jobs	19
PKI Held Jobs settings	19
Troubleshooting	21
Login Issues	21
“Unsupported USB Device” error message	21
The printer home screen does not return to a locked state when not in use	21
Login screen does not appear when a SmartCard is inserted	22
“The KDC and MFP clocks are different beyond an acceptable range; check the MFP's date and time” err ...	22
“Kerberos configuration file has not been uploaded” error message	22
Users are unable to authenticate	22
“The Domain Controller Issuing Certificate has not been installed” error message	23
“The KDC did not respond within the required time” error message	23
“User's Realm was not found in the Kerberos Configuration file” error message	23
“Realm on the card was not found in the Kerberos Configuration File” error message	24
“Client [NAME] unknown” error message	24
Login hangs for a long time at “Getting User Info...”	24
User is logged out almost immediately after logging in	24
LDAP issues	24
LDAP lookups take a long time, and then may or may not work	24
LDAP lookups fail almost immediately	25
Scan to Email issues	26
“Email cannot be sent because an error occurred trying to get your email address” error message	26
“Email cannot be sent because you are not authorized to perform this function” error message	26
“The email cannot be sent because a valid digital signature could not be found on your card” error m ...	26
“The email cannot be sent because it cannot be digitally signed when a manual login is performed” er ...	26
“Email cannot be sent. Unable to find valid encryption certificate for [E-mail address]” error message	27
Unable to send E-mail (SMTP-related issues)	27
Scan to Network issues	28
“You are not authorized to use this feature” Scan to Network error message	28
“This feature is not available because no file shares have been configured by the system administrat ...	28
“This feature is not available because you are not authorized to scan to any of the available file s ...	28
“An LDAP error occurred trying to retrieve the selected file share destination” error message	28
“No UNC Path has been defined for this destination” error message	29
“The scanned file size and saved file size do not match” error message	29
“User does not have read access to the file share; unable to verify the file size” error message	29
“Invalid filename specified” error message	30
“An error occurred connecting or writing to the File Share” error message	30
“The network share name does not exist on the specified file server” error message	30
Held Jobs/Print Release Lite issues	31
“You are not authorized to use this feature” Held Jobs error message	31
“Unable to determine Windows User ID” error message	31
“There are no jobs available for [USER]” error message	31
Jobs are printing out immediately	32
Notices	33
GNU Lesser General Public License	33
LEXMARK SOFTWARE LICENSE AGREEMENT	33
Additional copyrights	35

Lexmark X864 PKI-Enabled Device Installation and Configuration Guide - Page 12

Configuring PKI Authentication

Page 12 highlights