Lexmark 6500e PKI-Enabled Device Installation and Configuration Guide
Lexmark 6500e Manual
View all Lexmark 6500e manuals
Add to My Manuals
Save this manual to your list of manuals |
Lexmark 6500e manual content summary:
- Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 1
PKI-Enabled Device Installation and Configuration Guide February 2010 www.lexmark.com Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries. All other trademarks are the property of their respective owners. © - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 2
programs described may be made at any time. For Lexmark technical support, visit support.lexmark.com. For information on supplies and downloads, visit www.lexmark.com. If you don't have access to the Internet, you can contact Lexmark by mail: Lexmark International, Inc. Bldg 004-2/CSC 740 New Circle - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 3
PKI-enabled devices 5 Overview...5 Supported devices ...5 Before configuring the printer ...5 Installing the firmware and applications...6 Verifying and updating the firmware...6 Installing the authentication token application...7 Installing PKI applications...7 Configuring printer settings for use - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 4
Notices 33 Index 37 Contents 4 - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 5
until released by an authorized user. Also referred to as Print Release Lite. PKI Authentication is the only required application, and must be installed and configured if you plan to attach a SmartCard reader to the printer. This guide is intended for use by Lexmark service providers, and network - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 6
page prints, and the printer returns to the home screen. Installing the firmware and applications Verifying and updating the firmware Enabling PKI support for your printer involves three main components: • The printer firmware • The authentication token • The Lexmark PKI applications All three - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 7
see an authentication token listed under Installed Solutions. Installing PKI applications The PKI applications enable users to sign and encrypt E-mail messages sent from the printer, securely scan documents and images to a network file share, and hold documents at the printer until released by an - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 8
to locate the correct application file, and then click Start Install. 4 After the installation has finished, click Return. The application should now be listed under Installed Solutions. Configuring printer settings for use with PKI applications Even if the printer has been set up previously - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 9
server rather than manage date and time settings manually, select Enable NTP, and then type the Install auth keys" link to browse to the file containing the NTP authentication credentials. 3 Click Submit. Panel login timeout To help prevent unauthorized access in the event a user leaves the printer - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 10
certificates may be installed if needed. Each certificate must be in a separate PEM (.cer) file. 1 From the supported, select No Authentication Required. Note: If the SMTP server requires user authentication to send E-mail but does not support Kerberos, the IP address or hostname of the printer - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 11
printer: • Never appears-The "Send me a copy" option never appears. • On by default-The option is on, but can be turned off by users. • Off by default-The option is off, but can be turned on by users. • Always on-Users , but it will also increase the file size of scanned documents. • Transmission - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 12
. Example: "ou=installation,dc=branch,dc=mil options such as Copy and Fax. 1 From the Embedded Web Server, click Settings > Embedded Solutions > PKI Authentication > Configure. 2 For Logon Type, select whether users can access the printer using Card Only (SmartCard), Card or Manual Login, or Manual - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 13
for validating the domain controller certificate when users login to the printer: • Device Certificate Validation-The most common method. The certificate of the CA that issued the domain controller certificate must also be installed on the printer. • MFP Chain Validation-The entire certificate chain - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 14
access to specific printer functions, such as color printing. Multiple groups can be entered, separated by commas. Leave blank if not using group authorization. 7 From Device Access Control, select which Access Control should be used to authenticate and authorize users. Solution-specific access - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 15
Embedded Solutions > PKI S/MIME Email > Configure. 2 For From Address, select either Card Email Address (SmartCard) or LDAP Lookup, to specify how the printer should retrieve the user's address when sending E-mail. Note: If manual login is allowed, you must select LDAP Lookup. 3 Under S/MIME Options - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 16
more settings to determine which options will be available to users from the printer touch screen: • User Can Only Send to Self (no other recipients can be added) • User Can Change Options (scan settings) • User Can Change Subject • User Can Change Message • User Can Change Attachment Name • Return - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 17
will be displayed. 3 Under General Settings, configure the following attributes for the new share: • File Share Authorization-Select the solution access control that determines which groups can access this file share. If a user is not allowed to access this share, it will not appear in the list of - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 18
added to the default filename, to give each scanned document a unique name. The file extension is added automatically based on the file type selected. • Select User Can Rename File if you want to allow users to change the default filename. • Select User Can Change Scan Settings if you want to allow - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 19
file share: 1 From the Embedded Web Server, click Settings > Embedded Solutions > PKI Scan to Network > Configure. 2 Under File Solutions > PKI Held Jobs > Configure. 2 You can specify custom Icon Text to be displayed above the Held Jobs icon on the printer user groups. If groups are - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 20
as needed: • Select Require All Jobs to be Held if you want to require all jobs to remain on the printer until released by an authorized user, or until they expire. • Select Clear Print Data to clear the memory associated with each print job once the job is released. 9 Click Apply. Configuring PKI - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 21
. Remove the card reader, and see "Installing the firmware and applications" on page 6. A NON-SUPPORTED SMARTCARD READER IS ATTACHED Only the OmniKey reader shipped with the MFP is supported. Remove the unsupported reader and attach the OmniKey reader. The printer home screen does not return to - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 22
Lexmark Solutions Help Desk for assistance. "The KDC and MFP clocks are different beyond an acceptable range; check the MFP's date and time" error message This error indicates the printer Import Kerberos File, Browse to locate the appropriate krb5.conf file, and then click Submit. Users are unable - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 23
IS BLOCKED BY A FIREWALL Port 88 must be opened between the printer and the KDC in order for authentication to work. "User's Realm was not found in the Kerberos Configuration file" error message This error occurs during manual login, and indicates the Windows Domain is not specified in the Kerberos - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 24
message This error occurs during SmartCard login. The PKI Authentication solution settings do not support multiple Kerberos Realm entries. If multiple realms are needed, you must create and upload a krbf5.conf file, containing the needed realms. If you are already using a Kerberos configuration - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 25
REVERSE DNS LOOKUPS ARE DISABLED ON THE NETWORK The printer uses reverse DNS lookups to verify IP addresses. If reverse lookup is disabled on the network: 1 From the Embedded Web Server, click Settings > Embedded Solutions > PKI Authentication > Configure. 2 Select Disable Reverse DNS Lookups. 3 - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 26
THE FROM ADDRESS IS BEING RETRIEVED This error occurs when a user is logged in manually, but PKI S/MIME Email is configured to retrieve the From > Embedded Solutions > PKI S/MIME Email > Configure. 2 Under S/Mime Options, select either Disabled or Prompt User for Sign Email. Troubleshooting 26 - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 27
you have the correct firmware version installed. For information about finding the correct version for your printer, see "Verifying and updating the firmware" on page 6. If you have verified or updated your firmware and still experience this problem, contact the Lexmark Solutions Help Desk. "501 - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 28
GSSAPI IS NOT SUPPORTED 1 From the communication between the printer and SMTP server on file share for users to scan to. For information on adding file file share destination" error message THE LDAP LOOKUP FAILED For information about LDAP-related issues, see "LDAP issues" on page 24. Troubleshooting - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 29
size" error message After scanning, the number of bytes scanned is compared to the number written to the saved file. If the user does not have read access to the file share, the file size cannot be determined. To correct this problem, grant the user read access to the file share. Troubleshooting 29 - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 30
(or servers) on port 445. "The network share name does not exist on the specified file server" error message THE PRINTER CONNECTED TO THE FILE SERVER, BUT THE SHARE NAME DOES NOT EXIST Verify that the share name is correct, and that the user has read/write access to that share. Troubleshooting 30 - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 31
> Embedded Solutions > PKI Scan to Network > Configure. 2 Under File Shares, highlight option if the userid is not needed by other applications. • User Principal Name-The SmartCard principal name, or the credential provided by manual Solutions > PKI Authentication > Configure. 2 Under User Session - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 32
, or the jobs were automatically deleted because they were not printed in time. Jobs are printing out immediately Most likely, the user is not selecting the print and hold feature when printing the job. Show the user how to select the print and hold feature in the print driver. Troubleshooting 32 - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 33
or its suppliers, governs your use of any Software Program installed on or provided by Lexmark for use in connection with your Lexmark product. The term "Software Program" includes machine-readable instructions, audio/visual content (such as images and recordings), and associated media, printed - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 34
, archiving, or installation, provided the copy terms at the time of download. Use of the Freeware Software Program to another end-user. Any transfer must include INACCURACY IN, OR DAMAGE TO, DATA OR RECORDS, FOR CLAIMS OF THIRD STRICT LIABILITY), AND EVEN IF LEXMARK, OR ITS SUPPLIERS, AFFILIATES, - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 35
in similar FAR provisions (or any equivalent agency regulation or contract clause). 15 CONSENT TO USE OF DATA. You agree that Lexmark, its affiliates, and agents may collect and use information you provide in relation to support services performed with respect to the Software Program and requested - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 36
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 37
28 error writing to file share 30 E-mail cannot be digitally signed with manual login 26 home screen does not lock 21 invalid character in filename 30 invalid filename specified 30 Invalid Message ID error 27 jobs not being held at printer 32 jobs print immediately 32 KDC and MFP clocks out of sync - Lexmark 6500e | PKI-Enabled Device Installation and Configuration Guide - Page 38
not authorized to use Scan to Network 28 port 25 blocked 27 printer clock out of sync 22 problem getting user info 24 realm on card not found 24 scanned and saved file sizes do not match 29 SMTP server does not support GSSAPI 27 SMTP server must use hostname with Kerberos 27 SMTP server
PKI-Enabled Device
Installation and Configuration Guide
February 2010
www.lexmark.com
Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries.
All other trademarks are the property of their respective owners.
© 2010 Lexmark International, Inc.
All rights reserved.
740 West New Circle Road
Lexington, Kentucky 40550