Lexmark X954 Common Criteria Installation Supplement and Administrator Guide
Lexmark X954 Manual
View all Lexmark X954 manuals
Add to My Manuals
Save this manual to your list of manuals |
Lexmark X954 manual content summary:
- Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 1
Common Criteria Installation Supplement and Administrator Guide November 2011 www.lexmark.com Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries. All other trademarks are the property of their respective - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 2
programs described may be made at any time. For Lexmark technical support, visit support.lexmark.com. For information on supplies and downloads, visit www.lexmark.com. If you don't have access to the Internet, you can contact Lexmark by mail: Lexmark International, Inc. Bldg 004-2/CSC 740 New Circle - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 3
18 Shutting down port access...18 Other settings and functions...19 Network Time Protocol...19 Kerberos...19 Security audit logging ...20 E-mail ...22 Fax...24 Configuring security reset jumper behavior ...25 User access...25 Creating user accounts through the EWS ...25 Configuring LDAP+GSSAPI...27 - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 4
Troubleshooting 37 Login issues...37 "Unsupported USB Device" error message ...37 The printer check the MFP's date and time" error message...38 "Kerberos configuration file has not been uploaded" error message 38 Users Windows User ID" error message 42 "There are no jobs available for [USER]" - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 5
Level 2 (EAL 2). It is critical that you carefully follow the instructions in this guide, as failure to do so may result in a device that does not meet the requirements of the evaluation. Using this guide This guide is intended for use by Lexmark service providers, and network administrators - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 6
that no Download Emulator (DLE) option cards have been installed. 5 If you find additional interfaces, or if a DLE card has been installed, then contact your Lexmark representative before proceeding. 6 To verify the firmware version, under Device Information, locate Base =, and Network =. 7 Contact - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 7
cannot be accessed without causing visible damage to the device. Note: If you are using a Lexmark 6500e scanner with a T650, T652, T654, or T656 printer, then you must attach a lock to both the scanner and the printer. 1 Verify that the MFP case is closed. 2 Locate the security slot, and then attach - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 8
the encryption process. Doing so may result in loss of data. 7 Touch Back, and then touch Exit Config Menu. The MFP will undergo a power‑on reset, and then return to normal operating mode. Disabling the USB buffer Disabling the USB buffer disables the USB host port on the back of the - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 9
configuration You can achieve an evaluated configuration on a non-networked (standalone) device in just a few steps. For this word or a variation of the user ID. 1 From the home screen, touch > Security > Edit Security Setups > Edit Backup Password > Password. 2 Type the password you want to use, and - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 10
and password to each user, but also segmenting users into groups. When configuring security templates, you will select one or more of these groups, and then you will apply a security template to each device function to control access to that function. The MFP supports a maximum of 250 user accounts - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 11
Internal Accounts > 2 On the General Settings screen, set Required User Credentials to User ID and password, and then touch Submit. The MFP will return to the access to specific device functions, then select all groups in which the administrator should be included. • For all other users, add only - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 12
set to No Security. • Disabled-This disables access to a function for all users and administrators. • Not applicable-The function has been disabled by another setting. Security Menu Remotely Service Engineer Menus at the Device Service Engineer Menus Remotely Configuration Menu Level of protection - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 13
Configuration Administrator access only Remote Management Administrator access only Firmware Updates Disabled PJL Device Setting Changes Disabled Operator Panel Lock Authenticated users only Address Book Authenticated users only Create Profiles Disabled Create Bookmarks at the Device - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 14
the Device PictBridge Printing Solution 1 Solutions 2‑10 New Solutions Level of protection Disabled Authenticated users only Authenticated users only Administrator access only Not applicable-USB port disabled Authenticated users only Note: When eSF applications are configured, Solution 1 controls - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 15
the basic settings required for a network-connected device. Creating and modifying digital certificates Certificates are needed for domain controller verification and for SSL support in LDAP. Each certificate must be in a separate PEM (.cer) file. Setting certificate defaults The values entered here - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 16
values in the appropriate fields: • Friendly Name-Type a name for the certificate (64‑character maximum). • Common Name-Type a name for the device. Note: Leave this Management window. 4 Do any of the following: • Delete-Remove a previously stored certificate. • Download To File-Download or save - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 17
Download Signing Request-Download IPSec encrypts IP packets as they are transmitted over the network between devices. It does not handle authentication or restrict access the Embedded Web Server" on page 15. 2 Select the IPSec Enable check box, and then click Submit. Your browser will return to the - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 18
on page 15. 1 From the Embedded Web Server, click Settings > Network/Ports > AppleTalk. 2 Verify that the Activate check box is cleared, and then click Submit. Using the touch screen 1 (Plug‑n‑Print) • TCP 10000 (Telnet) • ThinPrint • TCP 65002 (WSD Print Service) • TCP 65004 (WSD Scan Service) - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 19
manually configuring NTP settings. Using the EWS 1 From the Embedded Web Server, click Settings > Security > Set Date and Time. Note: For information about accessing the EWS, see "Using the Embedded Web Server" on page 15. 2 In the Network Time Protocol section, select the Enable NTP check user - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 20
Settings > Security > Security Audit Log. Note: For information about accessing the EWS, see "Using the Embedded Web Server" on page 15. 2 Select the Enable Audit check box. - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 21
Server, and then select the Enable Remote Syslog check box. Note: The Enable Remote Syslog check box is unavailable until an IP address or host storage space reaches a specified percentage of capacity. • For "% full alert level" (1-99%), specify the percentage of log storage space that must be used - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 22
% full alert" to Yes. • For "% full alert level," specify the percentage of log storage space that must be settings, see "E-mail" on page 22. E-mail User data sent by the MFP using e-mail must be • Password-This must be blank. • Path-This must be "/". • File Name-This must be "image" (default). • - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 23
SMTP Credentials. 10 From the User‑Initiated E‑mail list, select the option most appropriate for your network or server environment. 11 If . • Login-This must be blank. • Password-This must be blank. • Path-This must be "/". • File Name-This must be "image" (default). • Web Link-This must be blank. - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 24
10 For User‑Initiated E‑mail, select the option most appropriate for your network or server information appropriate for your network in the "Device Userid," "Device password," and "Kerberos 5 page. 5 Under Fax Send Settings, clear the Driver to fax check box. 6 Under Fax Receive Settings, select - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 25
any of the following: • Access controls = "No security"-This removes security only from function access controls. • Reset factory security defaults-This restores all security settings to default values. • No Effect-This removes access to all security menus (use with caution). 3 Touch Submit to save - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 26
faxes, and employees in the marketing department will have access to black‑and‑white printing, color printing, and faxing. Scenario 1: Creating 2 Under Advanced Security Setup, Step 1, click Internal Accounts. 3 From the Required User Credentials list, select User ID and password. 4 Click Submit. - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 27
user ID. • Re‑enter password-Retype the password. • E‑mail-Type the user services already deployed on the network. User credentials and group designations can be pulled from your existing system, making access to the MFP as seamless as other network services. Supported server. The default LDAP port is - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 28
LDAP server where user accounts reside. printer authenticates to the LDAP server, it can provide Active Directory device credentials in addition to supporting anonymous binding or the specified credentials in the MFP's Kerberos Username and MFP's Password LDAP server. The default LDAP port is - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 29
the node in the LDAP server where user accounts reside. Multiple search bases can be printer authenticates to the LDAP server, it can provide Active Directory device credentials in addition to supporting anonymous binding or the specified credentials in the MFP's Kerberos Username and MFP's Password - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 30
Card to access the printer" on page 50 supports user Screen Text with special instructions for users or a custom Logon check box to use Simple Kerberos Setup. 10 For Simple Kerberos Setup, you must provide: • Realm-This is the Kerberos realm as configured in Active Directory, typically the Windows - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 31
one in the list. 11 If users are allowed to log in manually, then provide at least one Manual Login Domain (a Windows Domain Name) to choose from when User Session and Access Control section, verify that the Share Session with LDD check box is not selected. 15 If DNS is not enabled on the network, - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 32
helpful to use a descriptive name, such as "Administrator_Only" or "Authenticated_Users." 5 From the Authentication Setup list, select a method for authenticating users. This list will be populated with the authentication building blocks that have been configured on the MFP (internal accounts, LDAP - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 33
selects the Held jobs icon. • Select the Show Copies Screen check box if you want to allow users to change the number of copies for each job from the printer. • Select the Allow Users to Print All check box if you want to allow users to select a Print All button rather than select each print job - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 34
be Held and Clear Print Data check boxes. 9 Click Apply. Controlling access Service Engineer Menus at the Device Service Level of protection Administrator access only Administrator access only Administrator access only Administrator access only Disabled Authenticated users only Authenticated users - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 35
Network Configuration Remote Management Firmware Updates PJL Flash Drive Color Printing Flash Drive Scan Copy Function Copy Color Printing Color Dropout users only Authenticated users only Authenticated users only Authenticated users only Administrator access only Administrator access only Level - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 36
36 Access control Use Profiles Change Language from Home Screen Cancel Jobs at the Device PictBridge Printing Level of protection Authenticated users only Authenticated users only Administrator access only Not applicable-USB port disabled Device Solutions Access control Solution 1 Solutions 2-10 - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 37
Troubleshooting Login issues "Unsupported USB Device" error message MAKE SURE A SUPPORTED SMART CARD READER IS ATTACHED Only the OmniKey reader that came with the printer is supported. Remove the unsupported reader and attach the OmniKey reader. The printer select the check box next Lexmark - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 38
network uses DHCP, then verify that NTP settings are not automatically provided by the DHCP server before manually configuring NTP settings. 3 If you have configured the printer the Use Device Kerberos Setup check box, and then click Apply and then click Submit. Users are unable to authenticate MAKE - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 39
88 IS NOT BLOCKED BY A FIREWALL Port 88 must be opened between the printer and the KDC for authentication to work. "User's Realm was not found in the Kerberos Configuration file" error message MAKE SURE THE WINDOWS DOMAIN IS SPECIFIED IN THE KERBEROS SETTINGS 1 From the Embedded Web Server, click - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 40
REALM HAS BEEN ADDED TO THE FILE The PKI Authentication settings do not support multiple Kerberos Realm entries. If multiple realms are needed, then you indicates that the KDC being used to authenticate the user does not recognize the User Principal Name specified in the error message. VERIFY THAT - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 41
User Info") or during address book searches. Try one or more of the following: MAKE SURE PORT 389 (NON‑SSL) AND PORT 636 (SSL) ARE NOT BLOCKED BY A FIREWALL The printer SETUP SETTINGS 1 From the Embedded Web Server, click Settings > Network/Ports > Address Book Setup. 2 Verify or adjust the following - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 42
Held Jobs function. "Unable to determine Windows User ID" error message MAKE SURE PKI AUTHENTICATION IS SETTING THE USER ID FOR THE SESSION 1 From the THE JOBS WERE SENT TO THE CORRECT PRINTER AND WERE PRINTED The user may have sent the job or jobs to a different printer, or the jobs may have been - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 43
• If PKI Held Jobs is installed but is not running, then select the check box next to the application name, and then click Start. • If PKI Held Jobs does not appear in the list of installed solutions, then contact the Lexmark Solutions Help Desk for assistance. MAKE SURE ALL JOBS ARE REQUIRED TO BE - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 44
as server addresses, user names, and passwords. When an alphanumeric entry is needed, a keyboard appears : Password ~ 1! @# 23 $ 4 5% ^ 6 &* 7 8 ( 9 ) 0 _ + - = @ QWE RT Y U I O P [{ ]} \| : " Caps A S D F G H J K L - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 45
continue typing. Caps Lock will remain engaged until you touch Caps again. Password ~ 1! @# $ %^ 23456 &* 7 8 ( 9 ) 0 _ + - = @ QWE RT Y U I O P [{ ]} \| : " Caps A S D F G H J K L ; Clear Shift Z X C V B N M ? , . / Backspace .com .org Space Cancel Done - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 46
Service Department of Defense Evaluation Assurance Level Embedded Web Server Graphic Interchange Format Generic Security Service Distribution Center Lightweight Directory Access Protocol Multifunction printer NT LAN Manager Network Time Protocol Online Certificate Status Protocol Privacy Enhanced - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 47
to the Security menu from the Embedded Web Server. Service Engineer Menus at the Device This protects access to the Service Engineer menu from the printer control panel. Service Engineer Menus Remotely This protects access to the Service Engineer menu from the Embedded Web Server. Settings Menu - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 48
This controls the ability to use the Color Dropout feature for scan and copy functions. Copy Color Printing This controls the ability to perform color copy functions. Users who are denied will have their copy jobs printed in black and white. Copy Function This controls the ability to use the - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 49
to E‑mail function. This controls access to the Scan to Fax function. This controls the ability to print color from a flash drive. Users who are denied will have their print jobs printed in black and white. This controls the ability to update firmware from a flash drive. This controls the ability to - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 50
the keypad that appears on the touch screen, and then touch Next. It may take a moment for the printer to validate your credentials. After your credentials have been validated, the printer will return to the home screen. Note: For more information about using the touch screen, see "Appendix A: Using - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 51
AGREE, DO NOT INSTALL, COPY, DOWNLOAD, OR OTHERWISE USE THE SOFTWARE users to the number specified in your agreement with Lexmark. You may not separate the components of the Software Program for use on more than one computer. You agree that you will not Use the Software Program, in whole or in part - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 52
electronic license terms at the time of download. Use of the Freeware by you shall transfer the Software Program to another end-user. Any transfer must include all software components (INCLUDING NEGLIGENCE OR STRICT LIABILITY), AND EVEN IF LEXMARK, OR ITS SUPPLIERS, AFFILIATES, OR REMARKETERS HAVE - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 53
as set forth in subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and in similar FAR by you and Lexmark relating to your Use of the Software Program). To the extent any Lexmark policies or programs for support services conflict with the - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 54
password using the touch screen to enable 9 before configuring the device verifying firmware network data 17 encrypting the hard disk 7 encryption IPSec 17 environment operating 6 EWS using 15 F fax forwarding 24 fax settings Driver to fax 24 fax forwarding 24 held faxes 24 fax storage 24 firmware - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 55
SMTP settings configuring 22 supported devices 5 syslog configuring 20 T touch screen using the 44 troubleshooting authentication failure 38 42 printer clock out of sync 38 problem getting user info 40 realm on card not found 40 unable to authenticate 38 unable to determine Windows User ID - Lexmark X954 | Common Criteria Installation Supplement and Administrator Guide - Page 56
PN 3065326 Rev. 001 www.lexmark.com *3065326*
Common Criteria
Installation Supplement and Administrator Guide
November 2011
www.lexmark.com
Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries.
All other trademarks are the property of their respective owners.
© 2011 Lexmark International, Inc.
All rights reserved.
740 West New Circle Road
Lexington, Kentucky 40550
3065326-001