Lexmark 6500e Common Criteria Installation Supplement and Administrator Guide
Lexmark 6500e Manual
View all Lexmark 6500e manuals
Add to My Manuals
Save this manual to your list of manuals |
Lexmark 6500e manual content summary:
- Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 1
Common Criteria Installation Supplement and Administrator Guide November 2011 www.lexmark.com Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries. All other trademarks are the property of their respective - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 2
programs described may be made at any time. For Lexmark technical support, visit support.lexmark.com. For information on supplies and downloads, visit www.lexmark.com. If you don't have access to the Internet, you can contact Lexmark by mail: Lexmark International, Inc. Bldg 004-2/CSC 740 New Circle - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 3
3 Contents Overview and first steps 5 Overview...5 Using this guide...5 Supported devices ...5 Operating environment ...6 Before configuring the device (required 6 Verifying physical interfaces and installed firmware 6 Attaching a lock ...7 Encrypting the hard disk ...7 Disabling the USB buffer - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 4
different beyond an acceptable range; check the MFP's date and time" error message...38 "Kerberos configuration file has not been uploaded" error message 38 Users are unable to authenticate ...38 "The Domain Controller Issuing Certificate has not been installed" error message 39 "The KDC did not - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 5
6500e scanner with T654 printer • Lexmark 6500e scanner with T656 printer Note: If you are using a Lexmark 6500e scanner with a T650, T652, T654, or T656 printer, then you must complete the setup and configuration steps in the Setup Guide that came with the scanner before following the instructions - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 6
Features section, verify that no Download Emulator (DLE) option cards have been installed. 5 If you find additional interfaces, or if a DLE card has been installed, then contact your Lexmark representative before proceeding. 6 To verify the firmware version, under Device Information, locate - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 7
a Lexmark 6500e scanner with a T650, T652, T654, or T656 printer, then you must attach a lock to both the scanner and the printer. 1 Verify that the MFP case is helps prevent the loss of sensitive data in the event your MFP-or its hard disk-is stolen. 1 Turn off the MFP using the power switch. 2 - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 8
/Disable screen. Warning: Do not turn off the device during the encryption process. Doing so may result in loss of data. 7 Touch Back, and then touch Exit Config Menu. The MFP will undergo a power‑on reset, and then return to normal operating mode. Disabling the USB buffer Disabling the USB buffer - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 9
Installing information about additional configuration options, see "Administering the device. Disk wiping uses random data patterns to securely overwrite files stored on the hard drive character. • Not be a dictionary word or a variation of the user ID. 1 From the home screen, touch > Security > Edit - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 10
, and then you will apply a security template to each device function to control access to that function. The MFP supports a maximum of 250 user accounts and 32 user groups. Step 1: Defining groups 1 From the home screen, touch > Security > Edit Security Setups > Edit Building Blocks > Internal - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 11
> Edit Security Setups > Edit Building Blocks > Internal Accounts > 2 On the General Settings screen, set Required User Credentials to User ID and password, and then touch Submit. The MFP will return to the Internal Accounts screen. 3 Select Manage Internal Accounts > Add Entry. 4 Type the - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 12
set to No Security. • Disabled-This disables access to a function for all users and administrators. • Not applicable-The function has been disabled by another setting. at the Device Security Menu Remotely Service Engineer Menus at the Device Service Engineer Menus Remotely Configuration Menu Level - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 13
Authenticated users only Option Card Configuration at the Device Administrator access only Option Card Configuration Remotely Administrator access only Web Import/Export Settings Disabled Solutions Configuration Administrator access only Remote Management Administrator access only Firmware - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 14
Solution 1 Solutions 2‑10 New Solutions Level of protection Disabled Authenticated users only Authenticated users Solution 1 controls access to Held Jobs. Administrator access only Administrator access only Disabling home screen icons The final step is to remove unneeded icons from the MFP - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 15
prints, the MFP will return to the home screen. Settings for network-connected devices After attaching the MFP to a network support in LDAP. Each certificate must be in a separate PEM (.cer) file. Setting certificate defaults The values entered here will be present in all new certificates generated - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 16
the IPv4 address. 4 Click Generate New Certificate. Note: All fields accept a maximum of 128 characters, except where noted. Viewing, downloading, and deleting a certificate 1 : • Delete-Remove a previously stored certificate. • Download To File-Download or save the certificate as a PEM (.cer - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 17
Download Signing Request-Download or save the signing request as a .csr file. • Install Signed Certificate-Upload a previously signed certificate. Installing Type the IP address of the client device you want to connect to the MFP. If you are using Pre‑Shared Key (PSK) Authentication, then also type - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 18
to scroll down to find the AppleTalk selection. 3 Set Activate to No. 4 Touch Submit. The MFP will return to the AppleTalk screen. From there you can touch Back to return to the Std Network UDP 9700 (Plug‑n‑Print) • TCP 10000 (Telnet) • ThinPrint • TCP 65002 (WSD Print Service) • TCP 65004 (WSD Scan - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 19
automatically provided by the DHCP server before manually configuring NTP settings. Using the EWS 1 Click Install MD5 key or Install Autokey IFF params, and then browse to the file containing +GSSAPI or Common Access Cards to control user access to the MFP, then you must first configure Kerberos. - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 20
Web Server" on page 15. 2 Under Advanced Security Setup, at Step 1, click Kerberos 5. 3 Under Import Kerberos File, click Browse to navigate to your stored krb5.conf file. 4 Click Submit to upload the krb5.conf file. Note: After you click Submit, the device will automatically test the krb5.conf - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 21
used before an e-mail alert is triggered. • Select E‑mail log exported alert if you want the MFP to send an e-mail when the log file is exported. • Select E‑mail log settings changed alert if you want the MFP to send an e-mail when log settings are changed. • For "Log line endings," choose LF - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 22
depending on the operating system in which the file will be parsed or viewed. 13 Touch Submit. Note: To use e-mail alerts, you must also configure SMTP settings. For information about SMTP settings, see "E-mail" on page 22. E-mail User data sent by the MFP using e-mail must be sent as an attachment - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 23
From the User‑Initiated E‑mail list, select the option most appropriate for your network or server environment. 11 If the MFP must provide This must be blank. • Password-This must be blank. • Path-This must be "/". • File Name-This must be "image" (default). • Web Link-This must be blank. 3 Touch - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 24
For User‑Initiated E‑mail, select the option most appropriate for your network or server environment. 11 If the MFP must provide changes and return to the Settings page. 5 Under Fax Send Settings, clear the Driver to fax check box. 6 Under Fax Receive Settings, select Print from the Fax Forwarding - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 25
the security menus. To regain access to the security menus, a service call will be required to replace the device RIP card (motherboard). User access Administrators and users are required to log in to the MFP using a method that provides both authentication and authorization. Under the evaluated - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 26
Color Printing Fax Function When creating internal accounts in Scenario 1, you would select the group that corresponds to the user's department. Scenario 2: Creating groups based on device function Security template basic_user color_user fax_user Groups included in template black_and_white color - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 27
+GSSAPI to take advantage of authentication and authorization services already deployed on the network. User credentials and group designations can be pulled from your existing system, making access to the MFP as seamless as other network services. Supported devices can store a maximum of five LDAP - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 28
user optional) • Use Active Directory Device Credentials-Click to select or clear. When the printer authenticates to the LDAP server, it can provide Active Directory device credentials in addition to supporting anonymous binding or the specified credentials in the MFP's Kerberos Username and MFP - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 29
server where user accounts reside. optional): • Use Active Directory Device Credentials-Touch to select or clear. When the printer authenticates to the LDAP server, it can provide Active Directory device credentials in addition to supporting anonymous binding or the specified credentials in the MFP - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 30
For more information on using a card reader with your MFP, see "Using a Common Access Card to access the printer" on page 50. Note: You must configure Kerberos and supports user authorization to the MFP and its functions. 1 From the Embedded Web Server, click Settings > Device Solutions > Solutions - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 31
as mil,.mil. • Timeout-This is the amount of time the MFP should wait for a response from the domain controller before moving to the next one in the list. 11 If users are allowed to log in manually, then provide at least one Manual Login Domain (a Windows Domain Name) to choose from when logging - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 32
assigned to each device function to control which users are permitted to access that function. At a Add authorization, and then select an option from the Authorization Setup list. This list building blocks that have been configured on the MFP (internal accounts, LDAP+GSSAPI, or PKI Authentication - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 33
Manage Security Templates screen will delete all security templates on the MFP, regardless of which one is selected. To delete an individual hold documents at the printer until released by an authorized user. 1 From the Embedded Web Server, click Settings > Device Solutions > Solutions (eSF) > PKI - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 34
Held and Clear Print Data check boxes. 9 Click Apply. Controlling access to device functions using the EWS Access to MFP functions can be restricted No Security. • Disabled-This disables access to a function for all users and administrators. • Not applicable-The function has been disabled by - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 35
Option Card Configuration at the Device Option Card Configuration Remotely Management Access control Web Import/Export Settings Solutions Configuration Remote Management Firmware only Authenticated users only Authenticated users only Authenticated users only Authenticated users only Administrator - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 36
PictBridge Printing Level of protection Authenticated users only Authenticated users only Administrator access only Not applicable-USB port disabled Device Solutions Access control Solution 1 Solutions 2-10 New Solutions Level of protection Authenticated users only Note: When eSF applications are - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 37
check box next to the application name, and then click Start. • If PKI Authentication does not appear in the list of installed solutions, then contact the Lexmark Solutions Help Desk for assistance. Login screen does not appear when a Smart Card is inserted MAKE SURE THE SMART CARD IS RECOGNIZED BY - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 38
before manually configuring NTP settings. 3 If you have configured the printer to use file, and then click Submit. Users are unable to authenticate MAKE SURE THE REALM SPECIFIED IN THE KERBEROS SETTINGS IS IN UPPERCASE 1 From the Embedded Web Server, click Settings > Device Solutions > Solutions - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 39
installed" error message MAKE SURE THAT THE CORRECT CERTIFICATE HAS BEEN INSTALLED ON THE PRINTER For information on installing click Settings > Device Solutions > Solutions (eSF) > PKI printer and the KDC for authentication to work. "User's Realm was not found in the Kerberos Configuration file - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 40
" error message This error occurs during Smart Card login. UPLOAD A KERBEROS CONFIGURATION FILE AND MAKE SURE THE REALM HAS BEEN ADDED TO THE FILE The PKI Authentication settings do not support multiple Kerberos Realm entries. If multiple realms are needed, then you must create and upload a krbf5 - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 41
then fail This issue can occur during login (at "Getting User Info") or during address book searches. Try one or more of the following: MAKE SURE PORT 389 (NON‑SSL) AND PORT 636 (SSL) ARE NOT BLOCKED BY A FIREWALL The printer uses these ports to communicate with the LDAP server. The ports - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 42
ID is not set. You can select this option if the user ID is not needed by other applications. • User Principal Name-The Smart Card principal name or the credential provided by manual login is used to set the user ID (userid@domain). • EDI‑PI-The user ID portion of the Smart Card principal name or - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 43
the check box next to the application name, and then click Start. • If PKI Held Jobs does not appear in the list of installed solutions, then contact the Lexmark Solutions Help Desk for assistance. MAKE SURE ALL JOBS ARE REQUIRED TO BE HELD 1 From the Embedded Web Server, click Settings > Device - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 44
screen The screen located on the front of the MFP is touch‑sensitive and can be used to access screen keyboard Some device settings require one or more alphanumeric entries, such as server addresses, user names, and passwords. When an alphanumeric entry is needed, a keyboard appears: Password ~ - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 45
45 To type a single uppercase or shift character, touch Shift, and then touch the letter or number you need to uppercase. To turn on Caps Lock, touch Caps, and then continue typing. Caps Lock will remain engaged until you touch Caps again. Password ~ 1! @# $ %^ 23456 &* 7 8 ( 9 ) 0 _ + - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 46
EWS GIF GSSAPI HTTP HTTPS IP IPSec IPv4 IPv6 KDC LDAP MFP NTLM NTP OCSP PEM PKI PSK RFC SMTP SSL TCP TLS UDP USB Certificate Authority Common Access Card Domain Controller Dynamic Host Configuration Protocol Domain Name Service Department of Defense Evaluation Assurance Level Embedded Web Server - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 47
Card Configuration section of the Settings menu from the printer control panel. This applies only when an Option Card with configuration options is installed on the device. Option Card Configuration Remotely This controls access to the Option Card Configuration section of the Settings menu from the - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 48
channel (such as that provided by a properly configured installation of MarkVision). This controls access to the configuration of any installed solutions. This controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server. Function Access Function - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 49
, workflows, and eSF applications. Device Solutions Function access control New Solutions Solution 1-10 What it does This controls the initial security profile of each solution‑specific access control installed on the printer. The Solution 1 through Solution 10 access controls can be assigned to - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 50
the keypad that appears on the touch screen, and then touch Next. It may take a moment for the printer to validate your credentials. After your credentials have been validated, the printer will return to the home screen. Note: For more information about using the touch screen, see "Appendix A: Using - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 51
or its suppliers, governs your use of any Software Program installed on or provided by Lexmark for use in connection with your Lexmark product. The term "Software Program" includes machine-readable instructions, audio/visual content (such as images and recordings), and associated media, printed - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 52
license terms at the time of download. Use of the Freeware by the Software Program to another end-user. Any transfer must include all OF, INACCURACY IN, OR DAMAGE TO, DATA OR RECORDS, FOR CLAIMS OF THIRD PARTIES, NEGLIGENCE OR STRICT LIABILITY), AND EVEN IF LEXMARK, OR ITS SUPPLIERS, AFFILIATES, OR - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 53
in similar FAR provisions (or any equivalent agency regulation or contract clause). 15 CONSENT TO USE OF DATA. You agree that Lexmark, its affiliates, and agents may collect and use information you provide in relation to support services performed with respect to the Software Program and requested - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 54
data 17 encrypting the hard disk 7 encryption IPSec 17 environment operating 6 EWS using 15 F fax forwarding 24 fax settings Driver to fax 24 fax forwarding 24 held faxes 24 fax storage 24 firmware importing a krb5.conf file 19 simple setup 19 keyboard using the 44 54 krb5.conf file importing 19 L - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 55
appear when card is inserted 37 MFP clock out of sync 38 missing Kerberos realm 40 multiple Kerberos realms 40 no jobs available to user 42 not authorized to use Held Jobs 42 not authorized to use Print Release Lite 42 printer clock out of sync 38 problem getting user info 40 realm on card - Lexmark 6500e | Common Criteria Installation Supplement and Administrator Guide - Page 56
PN 3065326 Rev. 001 www.lexmark.com *3065326*
Common Criteria
Installation Supplement and Administrator Guide
November 2011
www.lexmark.com
Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries.
All other trademarks are the property of their respective owners.
© 2011 Lexmark International, Inc.
All rights reserved.
740 West New Circle Road
Lexington, Kentucky 40550
3065326-001