Lexmark X952 PKI-Enabled Device Installation and Configuration Guide
Lexmark X952 Manual
View all Lexmark X952 manuals
Add to My Manuals
Save this manual to your list of manuals |
Lexmark X952 manual content summary:
- Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 1
PKI-Enabled Device Installation and Configuration Guide February 2010 www.lexmark.com Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries. All other trademarks are the property of their respective owners. © - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 2
programs described may be made at any time. For Lexmark technical support, visit support.lexmark.com. For information on supplies and downloads, visit www.lexmark.com. If you don't have access to the Internet, you can contact Lexmark by mail: Lexmark International, Inc. Bldg 004-2/CSC 740 New Circle - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 3
Supported devices ...5 Before configuring the printer ...5 Installing the firmware and applications...6 Verifying and updating the firmware PKI Held Jobs settings ...19 Troubleshooting 21 Login Issues...21 LDAP issues...24 Scan to Email issues...26 Scan to Network issues...28 Held Jobs/Print Release - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 4
Notices 33 Index 37 Contents 4 - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 5
the printer. This guide is intended for use by Lexmark service providers, and network administrators responsible for the management of security appliances and software in their network environment. For information about physically setting up the printer or using printer features, see the User Guide - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 6
Setup Page. The network setup page prints, and the printer returns to the home screen. Installing the firmware and applications Verifying and updating the firmware Enabling PKI support for your printer involves three main components: • The printer firmware • The authentication token • The Lexmark - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 7
has finished, click Return. On the Solutions tab, you should now see an authentication token listed under Installed Solutions. Installing PKI applications The PKI applications enable users to sign and encrypt E-mail messages sent from the printer, securely scan documents and images to a network - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 8
a static IP address, verify the WINS Server Address, and the DNS Server Address. • If the printer is located in a different domain than the domain controller, the E-mail server, or any file share users may need to scan to from the device, list the additional domains in the Domain Search Order field - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 9
Date and time In order for users to login to the printer, the printer clock must be set to within five minutes of the domain controller system clock. Printer clock settings can be updated manually, or configured to use Network Time Protocol (NTP), to automatically sync with a trusted clock-typically - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 10
> Certificate Authority Management. 2 Click New. 3 Browse to locate the Certificate Authority Source file, and then click Submit. Note: must configure E-mail and address book settings on the printer. If users will not be allowed to access Scan to Email, you can skip this section. SMTP settings - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 11
to 8-bit for grayscale imaging, or 1-bit for black and white. 3 Adjust other scan settings as needed. 4 Click Submit. Address Book setup Configuring the printer Address Book enables users to search your network Global Address Book for E-mail addresses. 1 From the Embedded Web Server, click Settings - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 12
Type, select whether users can access the printer using Card Only (SmartCard), Card or Manual Login, or Manual Login Only (userid/password). 3 Select whether Card Pin must be Numeric Only, or can be Alphanumeric. 4 If desired, provide custom Logon Screen Text, with special instruction for users, or - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 13
with SmartCard and PIN. Network functions that require authentication will not be available to users. • Active Directory-Users are validated against Active Directory with SmartCard and PIN. 3 Select Use MFP Kerberos Setup to use the Kerberos settings already configured on the printer, or clear the - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 14
. Adjust them as needed to allow the printer to communicate on your network. 1 From the Embedded Web Server, click Settings > Embedded Solutions > PKI Authentication > Configure. 2 Select Disable Reverse DNS Lookups if they are not supported on your network. 3 To use only the information provided by - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 15
PKI S/MIME settings This application is only used if Scan to Email is enabled. If you are not using Scan to Email, you can skip this section. 1 From or LDAP Lookup, to specify how the printer should retrieve the user's address when sending E-mail. Note: If manual login is allowed, you must select - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 16
to Network If users will have access to Scan to Network, you must also configure PKI Scan to Network. If users will not be allowed to access Scan to Network, you can skip this section. General Settings General Settings control how text and icons are displayed on the printer home screen for Scan to - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 17
of the paper. Note: Leaving a small space around the edges that is not scanned usually results in better image quality. • Select Scan Preview to allow users preview and verify the first page of a document before the rest is scanned. 3 Click Apply at the bottom of the screen to save changes, before - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 18
"$" from Fileshare Name to remove the last dollar sign in the UNC path, so that users will be able to write to this share (necessary on some networks). • Select Create Directory to create the specified directory if it does not already exist when a user attempts to scan a document to this share - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 19
Scan to Network > Configure. 2 Under File Shares, highlight the name of the share you want to remove, and then click Delete. A confirmation page will be displayed. 3 Click Remove to finish Jobs icon on the printer home screen. 3 To ), click Browse to locate the image you want to authorize user groups. - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 20
. 8 Select Advanced Settings as needed: • Select Require All Jobs to be Held if you want to require all jobs to remain on the printer until released by an authorized user, or until they expire. • Select Clear Print Data to clear the memory associated with each print job once the job is released - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 21
firmware and applications" on page 6. A NON-SUPPORTED SMARTCARD READER IS ATTACHED Only the OmniKey reader shipped with the MFP is supported. Remove the unsupported reader and attach the OmniKey reader. The printer of installed solutions, contact the Lexmark Solutions Help Desk for assistance. PKI - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 22
Lexmark Solutions Help Desk for assistance. "The KDC and MFP clocks are different beyond an acceptable range; check the MFP's date and time" error message This error indicates the printer File, Browse to locate the appropriate krb5.conf file, and then click Submit. Users are unable to authenticate - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 23
, or modifying certificates, see "Certificate management" on page 10. "The KDC did not respond within the required printer and the KDC in order for authentication to work. "User's Realm was not found in the Kerberos Configuration file" error message This error occurs during manual Troubleshooting 23 - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 24
normally occurs either during login (at "Getting User Info"), or during address book searches. PORT 389 (NON-SSL) OR PORT 636 (SSL) IS BLOCKED BY A FIREWALL These ports are used by the printer to communicate with the LDAP server, and must be open in order for LDAP lookups to work. Troubleshooting 24 - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 25
ON THE NETWORK The printer uses reverse DNS lookups to verify IP addresses. If reverse lookup is disabled on the network: 1 From users. THE LDAP ATTRIBUTE BEING SEARCHED FOR IS NOT CORRECT Verify that the LDAP attributes for the user's E-mail address and/or home directory are correct. Troubleshooting - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 26
Click Apply. THE LDAP LOOKUP FAILED For help resolving LDAP-related problems, see "LDAP issues" on page 24. "Email cannot be sent because you are not authorized to perform this function" error message This error usually indicates the user in not in an Active Directory group that is authorized to use - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 27
installed. For information about finding the correct version for your printer, see "Verifying and updating the firmware" on page 6. If you have verified or updated your firmware and still experience this problem, contact the Lexmark Solutions Help Desk. "501 5.5.4 INVALID ADDRESS" ERROR FROM THE - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 28
communication between the printer and SMTP server on port 25. Scan to Network issues "You are not authorized to use this feature" Scan to Network error message This error usually indicates the user in not in For information about LDAP-related issues, see "LDAP issues" on page 24. Troubleshooting 28 - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 29
size" error message After scanning, the number of bytes scanned is compared to the number written to the saved file. If the user does not have read access to the file share, the file size cannot be determined. To correct this problem, grant the user read access to the file share. Troubleshooting 29 - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 30
Domain Name. Normally, the domain will be the same one assigned to user workstations. • If the printer is located in a different domain than the domain controller, the E-mail server, or any file share users may need to scan to from the device, list the additional domains in the Domain Search Order - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 31
Embedded Solutions > PKI Scan to Network > Configure. 2 Under File Shares, highlight the name of the share you want to modify, and then click Edit. The configuration page for that share will be displayed. 3 Under General Settings, select Remove "$" from Fileshare Name to remove the last dollar sign - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 32
, or the jobs were automatically deleted because they were not printed in time. Jobs are printing out immediately Most likely, the user is not selecting the print and hold feature when printing the job. Show the user how to select the print and hold feature in the print driver. Troubleshooting 32 - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 33
provided by Lexmark for use in connection with your Lexmark product. The term "Software Program" includes machine-readable instructions, audio use, you must limit the number of authorized users to the number specified in your agreement with Lexmark. You may not separate the components of the - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 34
network. c Reservation of Rights. The Software Program, including all fonts, is copyrighted and owned by Lexmark International, Inc. and/or its suppliers. Lexmark TRANSFER. You may transfer the Software Program to another end-user. Any transfer must include all software components, media, printed - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 35
with the terms of this License Agreement, any other written agreement signed by you and Lexmark relating to your Use of the Software Program). To the extent any Lexmark policies or programs for support services conflict with the terms of this License Agreement, the terms of this License Agreement - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 36
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 37
not appear when card is inserted 22 MFP clock out of sync 22 missing Kerberos realm 24 multiple Kerberos realms 24 network share name does not exist 30 no file shares error 28 no jobs available to user 31 no UNC path defined 29 not authorized to scan to file shares error 28 Index - Lexmark X952 | PKI-Enabled Device Installation and Configuration Guide - Page 38
not authorized to use Held Jobs 31 not authorized to use Print Release Lite 31 not authorized to use Scan to Network 28 port 25 blocked 27 printer clock out of sync 22 problem getting user info 24 realm on card not found 24 scanned and saved file sizes do not match 29 SMTP server does not
PKI-Enabled Device
Installation and Configuration Guide
February 2010
www.lexmark.com
Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries.
All other trademarks are the property of their respective owners.
© 2010 Lexmark International, Inc.
All rights reserved.
740 West New Circle Road
Lexington, Kentucky 40550