Lexmark X954 PKI-Enabled Device Installation and Configuration Guide
Lexmark X954 Manual
View all Lexmark X954 manuals
Add to My Manuals
Save this manual to your list of manuals |
Lexmark X954 manual content summary:
- Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 1
PKI-Enabled Device Installation and Configuration Guide February 2010 www.lexmark.com Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries. All other trademarks are the property of their respective owners. © - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 2
programs described may be made at any time. For Lexmark technical support, visit support.lexmark.com. For information on supplies and downloads, visit www.lexmark.com. If you don't have access to the Internet, you can contact Lexmark by mail: Lexmark International, Inc. Bldg 004-2/CSC 740 New Circle - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 3
...15 PKI S/MIME settings ...15 Configuring PKI Scan to Network...16 General Settings...16 Default Scan Settings ...17 Creating file shares...17 Editing or deleting a file share ...19 Configuring PKI Held Jobs...19 PKI Held Jobs settings ...19 Troubleshooting 21 Login Issues...21 LDAP issues...24 - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 4
Notices 33 Index 37 Contents 4 - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 5
the printer. This guide is intended for use by Lexmark service providers, and network administrators responsible for the management of security appliances and software in their network environment. For information about physically setting up the printer or using printer features, see the User Guide - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 6
Page. The network setup page prints, and the printer returns to the home screen. Installing the firmware and applications Verifying and updating the firmware Enabling PKI support for your printer involves three main components: • The printer firmware • The authentication token • The Lexmark PKI - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 7
has finished, click Return. On the Solutions tab, you should now see an authentication token listed under Installed Solutions. Installing PKI applications The PKI applications enable users to sign and encrypt E-mail messages sent from the printer, securely scan documents and images to a network - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 8
-x.x.x.fls PKI Scan to Network pkiadnetworkscan.x.x.x-fls PKI Held Jobs (Print Release Lite) pkiadheldjobs.x.x.x.fls The file names shown are not version-specific. Use the latest version available for each file. For information about available versions, contact the Lexmark Solutions Help - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 9
Date and time In order for users to login to the printer, the printer clock must be set to within five minutes of the domain controller system clock. Printer clock settings can be updated manually, or configured to use Network Time Protocol (NTP), to automatically sync with a trusted clock-typically - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 10
and address book settings on the printer. If users will not be allowed to access Scan to Email, you can skip this supported, select No Authentication Required. Note: If the SMTP server requires user authentication to send E-mail but does not support Kerberos, the IP address or hostname of the printer - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 11
as the default setting, to reduce the file size of scanned documents and Bit Depth-Set to 8-bit for grayscale imaging, or 1-bit for black and white. 3 Adjust other scan settings as needed. 4 Click Submit. Address Book setup Configuring the printer Address Book enables users to search your network - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 12
Type, select whether users can access the printer using Card Only (SmartCard), Card or Manual Login, or Manual Login Only (userid/password). 3 Select whether Card Pin must be Numeric Only, or can be Alphanumeric. 4 If desired, provide custom Logon Screen Text, with special instruction for users, or - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 13
and PIN. Network functions that require authentication will not be available to users. • Active Directory-Users are validated against Active Directory with SmartCard and PIN. 3 Select Use MFP Kerberos Setup to use the Kerberos settings already configured on the printer, or clear the check box to - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 14
. Solution-specific access control 1 is the default and recommended setting. 8 Continue to Advanced Settings, or click Apply at the bottom of the screen to save changes. Advanced Settings Not all networks will require the advanced settings. Adjust them as needed to allow the printer to communicate - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 15
PKI S/MIME settings This application is only used if Scan to Email is enabled. If you are not using Scan to Email, you can skip this section. 1 From or LDAP Lookup, to specify how the printer should retrieve the user's address when sending E-mail. Note: If manual login is allowed, you must select - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 16
non-repudiation bit set. • users from the printer touch screen: • User Can Only Send to Self (no other recipients can be added) • User Can Change Options (scan settings) • User Can Change Subject • User Can Change Message • User Can Change Attachment Name • Return to Email Screen-By default, users - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 17
user groups. If groups are not being used, select the same setting used for Device Access Control in PKI Authentication (usually Solution-specific access control 1). Note: Authorization can be further restricted when configuring specific Scan to Network file shares. 6 Continue to Default Scan - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 18
-Leave blank Using a dynamic file share with the Windows User ID: - Display Name-User Share - UNC Path-\\dfs\shares\%u - Replacement Value-LDAP Lookup - LDAP - Replacement Attribute-samaccountname • Default Filename-The default filename for scanned documents. If users are not allowed to change the - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 19
Scan to Network printer default icon image, click View Current Value. 5 From Access Control, select which Access Control should be used to authorize user groups. If groups are not being used, select the same setting used for Device Access Control in PKI Authentication (usually Solution-specific - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 20
jobs is controlled by the printer Confidential Print Setup (Settings > Security > Confidential Print Setup). By default, only Confidential Print jobs Held if you want to require all jobs to remain on the printer until released by an authorized user, or until they expire. • Select Clear Print Data to - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 21
Troubleshooting Login Issues "Unsupported USB Device" error message A SUPPORTED SMARTCARD READER HAS BEEN INSTALLED BEFORE THE PKI FIRMWARE AND APPLICATIONS The reader can not be installed until the firmware printer home screen does not return to a locked state when not in use, check Lexmark - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 22
zone and daylight savings time settings are correct. Note: If your network uses DHCP, verify that NTP settings are not automatically provided by the DHCP server before manually configuring NTP settings. 3 If you have configured the printer to use an NTP server, verify that those settings are correct - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 23
BY A FIREWALL Port 88 must be opened between the printer and the KDC in order for authentication to work. "User's Realm was not found in the Kerberos Configuration file" error message This error occurs during manual login, and indicates the Windows Domain is not specified in the Kerberos settings - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 24
settings do not support multiple Kerberos Realm User Info"), or during address book searches. PORT 389 (NON-SSL) OR PORT 636 (SSL) IS BLOCKED BY A FIREWALL These ports are used by the printer to communicate with the LDAP server, and must be open in order for LDAP lookups to work. Troubleshooting - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 25
ON THE NETWORK The printer uses reverse DNS lookups to verify IP addresses. If reverse lookup is disabled on the network: 1 From users. THE LDAP ATTRIBUTE BEING SEARCHED FOR IS NOT CORRECT Verify that the LDAP attributes for the user's E-mail address and/or home directory are correct. Troubleshooting - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 26
your card" error message If users are required (or choose), to digitally sign E-mail messages, the Smart Card must contain a valid signing certificate. By default, the non-repudiation option is enabled for E-mail signing. If your certificate does not have the non-repudiation bit set, this option can - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 27
or updated your firmware and still experience this problem, contact the Lexmark Solutions Help Desk. "501 5.5.4 INVALID ADDRESS" ERROR FROM THE SMTP SERVER The domain name on the device has not been configured correctly: 1 From the Embedded Web Server, click Settings > Network/Ports > TCP/IP - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 28
5, BUT THE SMTP SERVER REPORTS GSSAPI IS NOT SUPPORTED 1 From the Embedded Web Server, click Settings > printer and SMTP server on port 25. Scan to Network issues "You are not authorized to use this feature" Scan to Network error message This error usually indicates the user Troubleshooting 28 - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 29
PKI Scan to Network > scanning, the number of bytes scanned is compared to the number written to the saved file. If the user does not have read access to the file share, the file size cannot be determined. To correct this problem, grant the user read access to the file share. Troubleshooting - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 30
(or servers) on port 445. "The network share name does not exist on the specified file server" error message THE PRINTER CONNECTED TO THE FILE SERVER, BUT THE SHARE NAME DOES NOT EXIST Verify that the share name is correct, and that the user has read/write access to that share. Troubleshooting 30 - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 31
Scan to Network user in not in an Active Directory group that is authorized to use the function. If user authorization is enabled for Held Jobs, add the user Windows User User Principal Name-The SmartCard principal name, or the credential provided by manual provided by manual login is for [USER]" User - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 32
, or the jobs were automatically deleted because they were not printed in time. Jobs are printing out immediately Most likely, the user is not selecting the print and hold feature when printing the job. Show the user how to select the print and hold feature in the print driver. Troubleshooting 32 - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 33
AGREE, DO NOT INSTALL, COPY, DOWNLOAD, OR OTHERWISE USE THE SOFTWARE users to the number specified in your agreement with Lexmark. You may not separate the components of the Software Program for use on more than one computer. You agree that you will not Use the Software Program, in whole or in part - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 34
network. c Reservation of Rights. The Software Program, including all fonts, is copyrighted and owned by Lexmark International, Inc. and/or its suppliers. Lexmark license terms at the time of download. Use of the Freeware by you the Software Program to another end-user. Any transfer must include all - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 35
as set forth in subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and in similar FAR by you and Lexmark relating to your Use of the Software Program). To the extent any Lexmark policies or programs for support services conflict with the - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 36
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 37
settings configuring 10 supported devices 5 T TCP/IP settings 8 timeout automatic 9 troubleshooting 501 5.5.4 Invalid Address error 27 authentication failure 22 authorization to use Held Jobs 31 authorization to use Print Release Lite 31 authorization to use Scan to Network 28 certificate error - Lexmark X954 | PKI-Enabled Device Installation and Configuration Guide - Page 38
use Print Release Lite 31 not authorized to use Scan to Network 28 port 25 blocked 27 printer clock out of sync 22 problem getting user info 24 realm on card not found 24 scanned and saved file sizes do not match 29 SMTP server does not support GSSAPI 27 SMTP server must use hostname with Kerberos
PKI-Enabled Device
Installation and Configuration Guide
February 2010
www.lexmark.com
Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries.
All other trademarks are the property of their respective owners.
© 2010 Lexmark International, Inc.
All rights reserved.
740 West New Circle Road
Lexington, Kentucky 40550