Lexmark X925 PKI-Enabled Device Installation and Configuration Guide
Lexmark X925 Manual
View all Lexmark X925 manuals
Add to My Manuals
Save this manual to your list of manuals |
Lexmark X925 manual content summary:
- Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 1
PKI-Enabled Device Installation and Configuration Guide February 2010 www.lexmark.com Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries. All other trademarks are the property of their respective owners. © - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 2
will be incorporated in later editions. Improvements or changes in the products or the programs described may be made at any time. For Lexmark technical support, visit support.lexmark.com. For information on supplies and downloads, visit www.lexmark.com. If you don't have access to the Internet - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 3
updating the firmware...6 Installing the authentication token application...7 Installing PKI applications...7 Configuring printer settings for use with PKI applications 8 TCP/IP settings ...8 Date and time...9 Panel login timeout...9 Certificate management ...10 Configuring Scan to Email...10 SMTP - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 4
Notices 33 Index 37 Contents 4 - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 5
by an authorized user. Also referred to as Print Release Lite. PKI Authentication is the only required application, and must be installed and configured if you plan to attach a SmartCard reader to the printer. This guide is intended for use by Lexmark service providers, and network administrators - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 6
Page. The network setup page prints, and the printer returns to the home screen. Installing the firmware and applications Verifying and updating the firmware Enabling PKI support for your printer involves three main components: • The printer firmware • The authentication token • The Lexmark PKI - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 7
Solutions tab, you should now see an authentication token listed under Installed Solutions. Installing PKI applications The PKI applications enable users to sign and encrypt E-mail messages sent from the printer, securely scan documents and images to a network file share, and hold documents at the - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 8
: Application PKI Authentication PKI S/MIME Email Installation file pkiadauth-x.x.x.fls pkiademail-x.x.x.fls PKI Scan to Network pkiadnetworkscan.x.x.x-fls PKI Held Jobs (Print Release Lite) pkiadheldjobs.x.x.x.fls The file names shown are not version-specific. Use the latest version available - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 9
Date and time In order for users to login to the printer, the printer clock must be set to within five minutes of the domain controller system clock. Printer clock settings can be updated manually, or configured to use Network Time Protocol (NTP), to automatically sync with a trusted clock-typically - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 10
support in LDAP. In order to use PKI Authentication, you must install address book settings on the printer. If users will not be allowed to access Scan to Email, you can skip this type the number of seconds the printer will wait for a response from the SMTP server before timing out. 6 Verify that the - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 11
. • E-mail Bit Depth-Set to 8-bit for grayscale imaging, or 1-bit for black and white. 3 Adjust other scan settings as needed. 4 Click Submit. Address Book setup Configuring the printer Address Book enables users to search your network Global Address Book for E-mail addresses. 1 From the Embedded - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 12
the printer using Card Only (SmartCard), Card or Manual Login, or Manual Login Only (userid/password). 3 Select whether Card Pin must be Numeric Only, or can be Alphanumeric. 4 If desired, provide custom Logon Screen Text, with special instruction for users, or a custom Logon Screen Image. Custom - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 13
time the printer should wait for a response from the domain controller before moving to the next one in the list. 5 If users are allowed to login manually, provide at least one Manual controller to the root CA, must be installed on the printer, and Online Certificate Status Protocol (OCSP) settings - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 14
authorize users. Solution-specific access control 1 is the default and recommended setting. 8 Continue to Advanced Settings, or click Apply at the bottom of the screen to save changes. Advanced Settings Not all networks will require the advanced settings. Adjust them as needed to allow the printer - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 15
Web Server, click Settings > Embedded Solutions > PKI S/MIME Email > Configure. 2 For From Address, select either Card Email Address (SmartCard) or LDAP Lookup, to specify how the printer should retrieve the user's address when sending E-mail. Note: If manual login is allowed, you must select LDAP - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 16
Change Attachment Name • Return to Email Screen-By default, users are returned to the home screen after sending E-mail. This option returns the user to the E-maill screen, preserving previously selected recipients, subject, message, and scan options. 5 Click Apply. Configuring PKI Scan to Network - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 17
control 1). Note: Authorization can be further restricted when configuring specific Scan to Network file shares. 6 Continue to Default Scan Settings, or click Apply at the bottom of the screen to save changes. Default Scan Settings The default scan settings are passed to all new file shares. You can - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 18
file share with the Windows User ID: - Display Name-User Share - UNC Path-\\dfs\shares\%u - Replacement Value-LDAP Lookup - LDAP - Replacement Attribute-samaccountname • Default Filename-The default filename for scanned documents. If users are not allowed to change the default, a timestamp is - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 19
Adjust the settings for the selected share as needed, and then click Apply to save your changes. To delete a file share: 1 From the Embedded Web Server, click Settings > Embedded Solutions > PKI Scan to Network > Configure. 2 Under File Shares, highlight the name of the share you want to remove, and - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 20
want to allow users to change the number of copies for each job from the printer. • Select Allow Users to Print All if you want to allow users to select a can also be set to expire, either at the same time Confidential jobs expire, or at another time: • Verify Job Expiration-Can be set to Off, Same - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 21
Troubleshooting Login Issues "Unsupported USB Device" error message A SUPPORTED SMARTCARD READER HAS BEEN INSTALLED BEFORE THE PKI FIRMWARE AND APPLICATIONS The reader can not be installed until the firmware and applications have been installed. Remove the card reader, and see "Installing the - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 22
time on the printer: 1 From the Embedded Web Server, click Settings > Security > Set Date and Time. 2 If you have manually configured date and time settings, verify and correct as needed. Make sure the time zone and daylight savings time settings are correct. Note: If your network Submit. Users are - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 23
IS BLOCKED BY A FIREWALL Port 88 must be opened between the printer and the KDC in order for authentication to work. "User's Realm was not found in the Kerberos Configuration file" error message This error occurs during manual login, and indicates the Windows Domain is not specified in the Kerberos - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 24
solution settings do not support multiple Kerberos Realm entries. time, and then may or may not work This normally occurs either during login (at "Getting User Info"), or during address book searches. PORT 389 (NON-SSL) OR PORT 636 (SSL) IS BLOCKED BY A FIREWALL These ports are used by the printer - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 25
changes. PORT 389 IS BEING USED, BUT THE LDAP SERVER REQUIRES SSL 1 From the Embedded Web Server, click Settings > Network/ users. THE LDAP ATTRIBUTE BEING SEARCHED FOR IS NOT CORRECT Verify that the LDAP attributes for the user's E-mail address and/or home directory are correct. Troubleshooting - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 26
Scan to Email issues "Email cannot be sent because an error occurred trying to get your email address" error message THERE IS A CONFLICT BETWEEN THE LOGIN TYPE, AND HOW THE FROM ADDRESS IS BEING RETRIEVED This error occurs when a user is logged in manually, but PKI S/MIME Email is configured to - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 27
you have the correct firmware version installed. For information about finding the correct version for your printer, see "Verifying and updating the firmware" on page 6. If you have verified or updated your firmware and still experience this problem, contact the Lexmark Solutions Help Desk. "501 - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 28
to save any needed changes. SMTP SERVER AUTHENTICATION IS SET TO KERBEROS 5, BUT THE SMTP SERVER REPORTS GSSAPI IS NOT SUPPORTED 1 From the Embedded authorized to use the function. If user authorization is enabled for Scan to Network, add the user to an Active Directory group that Troubleshooting 28 - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 29
size" error message After scanning, the number of bytes scanned is compared to the number written to the saved file. If the user does not have read access to the file share, the file size cannot be determined. To correct this problem, grant the user read access to the file share. Troubleshooting 29 - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 30
save any needed changes. THE HOSTNAME network share name does not exist on the specified file server" error message THE PRINTER CONNECTED TO THE FILE SERVER, BUT THE SHARE NAME DOES NOT EXIST Verify that the share name is correct, and that the user has read/write access to that share. Troubleshooting - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 31
Settings > Embedded Solutions > PKI Scan to Network > Configure. 2 Under File User Principal Name-The SmartCard principal name, or the credential provided by manual User Session and Access Control, select LDAP Lookup for the Session Userid. 3 Click Apply to save any needed changes. Troubleshooting - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 32
to a different printer, or the jobs were automatically deleted because they were not printed in time. Jobs are printing out immediately Most likely, the user is not selecting the print and hold feature when printing the job. Show the user how to select the print and hold feature in the print driver - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 33
suppliers, governs your use of any Software Program installed on or provided by Lexmark for use in connection with your Lexmark product. The term "Software Program" includes machine-readable instructions, audio/visual content (such as images and recordings), and associated media, printed materials - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 34
license, or electronic license terms at the time of download. Use of the Freeware by you shall be governed entirely by the terms and conditions of such license. 4 TRANSFER. You may transfer the Software Program to another end-user. Any transfer must include all software components, media, printed - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 35
reject or terminate this license at any time by destroying all copies of the Software in any jurisdiction will apply. 14 UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The Software Lexmark relating to your Use of the Software Program). To the extent any Lexmark policies or programs for support services - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 36
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 37
settings configuring 10 supported devices 5 T TCP/IP settings 8 timeout automatic 9 troubleshooting 501 5.5.4 Invalid Address error 27 authentication failure 22 authorization to use Held Jobs 31 authorization to use Print Release Lite 31 authorization to use Scan to Network 28 certificate error - Lexmark X925 | PKI-Enabled Device Installation and Configuration Guide - Page 38
use Print Release Lite 31 not authorized to use Scan to Network 28 port 25 blocked 27 printer clock out of sync 22 problem getting user info 24 realm on card not found 24 scanned and saved file sizes do not match 29 SMTP server does not support GSSAPI 27 SMTP server must use hostname with Kerberos
PKI-Enabled Device
Installation and Configuration Guide
February 2010
www.lexmark.com
Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries.
All other trademarks are the property of their respective owners.
© 2010 Lexmark International, Inc.
All rights reserved.
740 West New Circle Road
Lexington, Kentucky 40550