Lexmark MS817 Embedded Web Server Administrator s Guide - Page 36
Standard Admin Groups and Security Templates
View all Lexmark MS817 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 36 highlights
Securing printers 36 • Password-Type the password of the network administrator or the individual who has rights to join the domain. Note: Passwords are case-sensitive and are not cached by the device. • Organizational Unit-Type the name of your organizational unit, if necessary. 4 Select one or more of the following domain services: • LDAP Address Book-Configure LDAP server address book information using Active Directory data. • Standard Admin Groups and Security Templates-Create a group named "admin," and a security template named "Active Directory." • CA Certificate Monitoring-Enable the CA certificate monitor feature with the following default settings: - "Enable CA Monitor" is selected. - Schedule run time" is set to 0:00 (midnight). - Monitoring is repeated every day. 5 Click Submit. Note: The screen flashes, and you may hear a clicking noise. 6 Click Manage Security Templates to use the Active Directory information to complete your security setup. If you want to review or make some small modifications to the LDAP+GSSAPI building block, then click Return to Security Setup and do the following: a Under Advanced Security Setup, click Kerberos 5. b Click View File to open the Kerberos Config file that was created using the Active Directory setup. c Review the file, and then click the back button of the browser. Note: To avoid issues with KDC Server Affinity Service, do not edit or copy the Kerberos Config file to use with older devices. Older devices do not recognize the special mappings associated with the KDC Server Affinity Service. d Click Return to Security Setup, and then click LDAP+GSSAPI. e Under LDAP+GSSAPI Setups, click the building block that was created by the Active Directory Setup process. Note: By default, the building block name is the realm name, and the server address field is the domain controller name. f If necessary, change some of the building block settings depending on your environment, including the following: • Server Port-The standard port for LDAP is 389. Another common port is 3268, but this port is used only for Global Catalog servers in Active Directory. If applicable, change the port to 3268 to speed up the querying process. • Search Base-This setting indicates the location in the directory tree where the device starts searching. At the most basic, we recommend specifying the root of the directory (such as "dc=company,dc=com"). • Use Kerberos Service Ticket-This advanced setup, otherwise known as SPNEGO, is the session ticket that a user uses to log in to a computer. We recommend leaving this setting unchanged. • Use Active Directory Device Credentials-This option lets you use the service account that is created in Active Directory. If you want to use an existing service account or user credentials (advanced setup), then clear this check box.