Lexmark X950 PKI-Enabled Device Installation and Configuration Guide
Lexmark X950 Manual
View all Lexmark X950 manuals
Add to My Manuals
Save this manual to your list of manuals |
Lexmark X950 manual content summary:
- Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 1
PKI-Enabled Device Installation and Configuration Guide February 2010 www.lexmark.com Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries. All other trademarks are the property of their respective owners. © - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 2
programs described may be made at any time. For Lexmark technical support, visit support.lexmark.com. For information on supplies and downloads, visit www.lexmark.com. If you don't have access to the Internet, you can contact Lexmark by mail: Lexmark International, Inc. Bldg 004-2/CSC 740 New Circle - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 3
Contents Configuring PKI-enabled devices 5 Overview...5 Supported devices ...5 Before configuring the printer ...5 Installing the firmware and applications...6 Verifying and updating the firmware...6 Installing the authentication token application...7 Installing PKI applications...7 Configuring - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 4
Notices 33 Index 37 Contents 4 - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 5
until released by an authorized user. Also referred to as Print Release Lite. PKI Authentication is the only required application, and must be installed and configured if you plan to attach a SmartCard reader to the printer. This guide is intended for use by Lexmark service providers, and network - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 6
network setup page prints, and the printer returns to the home screen. Installing the firmware and applications Verifying and updating the firmware Enabling PKI support for your printer involves three main components: • The printer firmware • The authentication token • The Lexmark PKI applications - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 7
version LR.FL.P224cLDc LR.SP.P108LDc Note: If your printer does not have the minimum firmware version or a later version installed, you will need to install a firmware update before proceeding to other configuration tasks. Contact the Lexmark Solutions Help Desk for help in obtaining the correct - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 8
Network pkiadnetworkscan.x.x.x-fls PKI Held Jobs (Print Release Lite) pkiadheldjobs.x.x.x.fls The file names shown are not version-specific. Use the latest version available for each file. For information about available versions, contact the Lexmark Solutions Help Desk. PKI Authentication must - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 9
Date and time In order for users to login to the printer, the printer clock must be set to within five minutes of the domain controller system clock. Printer clock settings can be updated manually, or configured to use Network Time Protocol (NTP), to automatically sync with a trusted clock-typically - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 10
select Kerberos 5 for SMTP Server Authentication. If Kerberos is not supported, select No Authentication Required. Note: If the SMTP server requires user authentication to send E-mail but does not support Kerberos, the IP address or hostname of the printer must be added to the SMTP server as a relay - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 11
a copy of E-mail messages they send from the printer: • Never appears-The "Send me a copy" option never appears. • On by default-The option is on, but can be turned off by users. • Off by default-The option is off, but can be turned on by users. • Always on-Users will always receive a copy of E-mail - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 12
for options such as Copy and Fax. 1 From the Embedded Web Server, click Settings > Embedded Solutions > PKI Authentication > Configure. 2 For Logon Type, select whether users can access the printer using Card Only (SmartCard), Card or Manual Login, or Manual Login Only (userid/password). 3 Select - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 13
as "mil,.mil". • Timeout-The amount of time the printer should wait for a response from the domain controller before moving to the next one in the list. 5 If users are allowed to login manually, provide at least one Manual Login Domain (a Windows Domain Name) to choose from when logging in. Multiple - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 14
values can be entered, separated by commas. 6 Use the Group Authorization List to allow only users in certain Active Directory groups access to specific printer functions, such as color printing. Multiple groups can be entered, separated by commas. Leave blank if not using group authorization - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 15
select either Card Email Address (SmartCard) or LDAP Lookup, to specify how the printer should retrieve the user's address when sending E-mail. Note: If manual login is allowed, you must select LDAP Lookup. 3 Under S/MIME Options, adjust the following settings: • Sign Email- Select Disabled, Prompt - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 16
be available to users from the printer touch screen: • User Can Only Send to Self (no other recipients can be added) • User Can Change Options (scan settings) • User Can Change Subject • User Can Change Message • User Can Change Attachment Name • Return to Email Screen-By default, users are returned - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 17
authorize user groups. If groups are not being used, select the same setting used for Device Access Control in PKI Authentication (usually Solution-specific access control 1). Note: Authorization can be further restricted when configuring specific Scan to Network file shares. 6 Continue to Default - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 18
is a static or dynamic path. Possible options include: - Static-Use the fully- Windows User ID: - Display Name-User Share - UNC Path-\\dfs\shares\%u - Replacement Value-LDAP Lookup - LDAP - Replacement Attribute-samaccountname • Default Filename-The default filename for scanned documents. If users - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 19
is pressed), click Browse to locate the image you want to use. To view the default icon image, click View Current Value. 5 From Access Control, select which Access Control should be used to authorize user groups. If groups are not being used, select the same setting used for Device Access Control - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 20
the number of copies for each job from the printer. • Select Allow Users to Print All if you want to allow users to select a Print All (jobs) button, rather than select each print job individually. • Select Date Printed (Descending), Date Printed (Ascending), or Job Name, to determine the order in - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 21
Troubleshooting Login Issues "Unsupported USB Device" error message A SUPPORTED SMARTCARD READER HAS BEEN INSTALLED BEFORE THE PKI FIRMWARE AND APPLICATIONS The reader can not be installed until the firmware list of installed solutions, contact the Lexmark Solutions Help Desk for assistance. PKI - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 22
Lexmark Solutions Help Desk for assistance. "The KDC and MFP clocks are different beyond an acceptable range; check the MFP's date and time" error message This error indicates the printer manually configuring NTP settings. 3 If you have configured the printer Submit. Users are unable Troubleshooting 22 - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 23
BY A FIREWALL Port 88 must be opened between the printer and the KDC in order for authentication to work. "User's Realm was not found in the Kerberos Configuration file" error message This error occurs during manual login, and indicates the Windows Domain is not specified in the Kerberos settings - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 24
settings do not support multiple Kerberos Realm User Info"), or during address book searches. PORT 389 (NON-SSL) OR PORT 636 (SSL) IS BLOCKED BY A FIREWALL These ports are used by the printer to communicate with the LDAP server, and must be open in order for LDAP lookups to work. Troubleshooting - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 25
REVERSE DNS LOOKUPS ARE DISABLED ON THE NETWORK The printer uses reverse DNS lookups to verify IP addresses. If all necessary users. THE LDAP ATTRIBUTE BEING SEARCHED FOR IS NOT CORRECT Verify that the LDAP attributes for the user's E-mail address and/or home directory are correct. Troubleshooting 25 - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 26
FROM ADDRESS IS BEING RETRIEVED This error occurs when a user is logged in manually, but PKI S/MIME Email is configured to retrieve the users are required (or choose), to digitally sign E-mail messages, the Smart Card must contain a valid signing certificate. By default, the non-repudiation option - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 27
installed. For information about finding the correct version for your printer, see "Verifying and updating the firmware" on page 6. If you have verified or updated your firmware and still experience this problem, contact the Lexmark Solutions Help Desk. "501 5.5.4 INVALID ADDRESS" ERROR FROM THE - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 28
BUT THE SMTP SERVER REPORTS GSSAPI IS NOT SUPPORTED 1 From the Embedded Web Server, click or firewall settings to allow communication between the printer and SMTP server on port 25. Scan need to add at least one file share for users to scan to. For information on adding file shares Troubleshooting 28 - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 29
depend on whether it is a static or dynamic path. Possible options include: - Static-Use the fully-qualified UNC Path. Example: user does not have read access to the file share, the file size cannot be determined. To correct this problem, grant the user read access to the file share. Troubleshooting - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 30
(or servers) on port 445. "The network share name does not exist on the specified file server" error message THE PRINTER CONNECTED TO THE FILE SERVER, BUT THE SHARE NAME DOES NOT EXIST Verify that the share name is correct, and that the user has read/write access to that share. Troubleshooting 30 - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 31
to determine how the Windows Userid will be obtained when a user attempts to log in: • None-The userid is not set. You can select this option if the userid is not needed by other applications. • User Principal Name-The SmartCard principal name, or the credential provided by manual login is used to - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 32
, or the jobs were automatically deleted because they were not printed in time. Jobs are printing out immediately Most likely, the user is not selecting the print and hold feature when printing the job. Show the user how to select the print and hold feature in the print driver. Troubleshooting 32 - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 33
Lexmark for use in connection with your Lexmark product. The term "Software Program" includes machine-readable instructions, audio/visual content (such as images and recordings), and associated media, printed of the price paid for the Software Program. 3 LICENSE GRANT. Lexmark grants you the - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 34
download. Use of the Freeware by you shall be governed entirely by the terms and conditions of such license. 4 TRANSFER. You may transfer the Software Program to another end-user. Any transfer must include all software components, media, printed LIABILITY), AND EVEN IF LEXMARK, OR ITS SUPPLIERS, - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 35
with the terms of this License Agreement, any other written agreement signed by you and Lexmark relating to your Use of the Software Program). To the extent any Lexmark policies or programs for support services conflict with the terms of this License Agreement, the terms of this License Agreement - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 36
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 37
or deleting 19 firmware updating 6 version supported devices 5 T TCP/IP settings 8 timeout automatic 9 troubleshooting manual login 26 home screen does not lock 21 invalid character in filename 30 invalid filename specified 30 Invalid Message ID error 27 jobs not being held at printer 32 jobs print - Lexmark X950 | PKI-Enabled Device Installation and Configuration Guide - Page 38
not authorized to use Print Release Lite 31 not authorized to use Scan to Network 28 port 25 blocked 27 printer clock out of sync 22 problem getting user info 24 realm on card not found 24 scanned and saved file sizes do not match 29 SMTP server does not support GSSAPI 27 SMTP server
PKI-Enabled Device
Installation and Configuration Guide
February 2010
www.lexmark.com
Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries.
All other trademarks are the property of their respective owners.
© 2010 Lexmark International, Inc.
All rights reserved.
740 West New Circle Road
Lexington, Kentucky 40550