Lexmark T656 Common Criteria Installation Supplement and Administrator Guide
Lexmark T656 Manual
Lexmark T656 manual content summary:
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 1
Common Criteria Installation supplement and administrator guide April 2010 www.lexmark.com Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries. All other trademarks are the property of their respective
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 2
programs described may be made at any time. For Lexmark technical support, visit support.lexmark.com. For information on supplies and downloads, visit www.lexmark.com. If you don't have access to the Internet, you can contact Lexmark by mail: Lexmark International, Inc. Bldg 004-2/CSC 740 New Circle
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 3
guide...5 Supported devices...5 Operating environment...5 Before configuring the device (required)...6 Verifying physical interfaces and installed firmware E-mail...24 Fax...26 Configuring security reset jumper behavior...27 User access...27 Creating user accounts through the EWS...28 Configuring
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 4
functions using the EWS...36 Troubleshooting 39 Login Issues...39 "Unsupported USB Device" error message...39 The printer home screen does not return error message 43 "Unable to determine Windows User ID" error message 44 "There are no jobs available for [USER]" error message...44 Jobs are
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 5
3). It is critical that you carefully follow the instructions in this guide, as failure to do so may result in a device that does not meet the requirements of the evaluation. Using this guide This guide is intended for use by Lexmark service providers, and network administrators responsible for the
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 6
, and maintenance of the 2 Turn the MFP on using the power switch. 3 From the home screen Download Emulator (DLE) option cards have been installed. 5 If you find additional interfaces, or if a DLE card has been installed, contact your Lexmark representative before proceeding. 6 To verify the firmware
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 7
encryption helps prevent the loss of sensitive data in the event your MFP-or its hard disk-is stolen. 1 Turn off the MFP using the power switch. 2 Simultaneously press and hold the "2" and "6" keys on the numeric keypad while turning the device back on. It takes approximately a minute to boot into
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 8
the MFP will return to the Enable/Disable screen. Warning: Do not power off the device during the encryption process. Doing so may result in loss finish, press Back, and then Exit Config Menu. The MFP will power-on reset, and then return to normal operating mode. Disabling the USB Buffer Disabling
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 9
this section to configure the settings needed to achieve the evaluated configuration for a standalone device: 1 Set up disk wiping. 2 Create user accounts. 3 Create security templates. 4 Restrict access to device functions. 5 Disable home screen icons. Configuring disk wiping Note: Not all devices
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 10
templates, and then apply a security template to each device function, to control access to that function. The MFP supports a maximum of 250 user accounts and 32 user groups. Step 1: Defining groups 1 From the home screen, touch Menus > Security > Edit Security Setups > Edit Building Blocks
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 11
or more Administrator groups, as needed. If you have created multiple groups to grant access to specific device functions, select all groups in which the administrator should be included. • For all other users, add only the Authenticated_Users group. 10 Touch Next to save the account and return to
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 12
- Can be any valid setting available for a function, at the discretion of the administrator. • Disabled- Disables access to a function for all users and administrators. • Not applicable-The function has been disabled by another setting. No change required, though it is recommended that you set these
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 13
Create Bookmarks at the Device Create Bookmarks Remotely Create Profiles E-mail Function eSF Configuration Fax Function Firmware Updates Flash Drive Color Printing Flash Drive Firmware Updates Flash Drive Print Flash Drive Scan FTP Function Held Jobs Access Manage Shortcuts at the Device Manage
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 14
Menu at the Device Security Menu Remotely Service Engineer Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device only Any valid setting Not applicable - all remote access disabled Authenticated users Not applicable - all remote access disabled Disabling home screen icons
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 15
then touch Submit. 6 Touch the home icon to return to the home screen. 7 Reboot the MFP by turning it off and back on using the power switch. Disabling HTTP/HTTPS access using the EWS 1 From the EWS, click Settings > Security > TCP/IP Port Access. 2 Clear the following check boxes: • TCP 80
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 16
settings required for a network-attached device. Creating and modifying digital certificates Certificates are needed for domain controller verification, and for SSL support in LDAP. Each certificate must be in a separate PEM (.cer) file. Setting certificate defaults The values entered here will be
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 17
Certificate Management. 3 Select a certificate from the list. The details of the certificate are displayed in the Device Certificate Management window. 4 From here, you can: • Delete-Remove a previously stored certificate. • Download to File-Download or save the certificate as a PEM (.cer) file.
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 18
sOnCaQ== -----END CERTIFICATE----- • Download Signing Request-Download or save the signing request as be in PEM (.cer) format. 4 Reboot the MFP by turning it off and back on using the power switch. Setting up IPSec IPSec encrypts IP packets as they are transmitted over the network between devices. It
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 19
Disabling non-IP network protocols IP is the only network protocol permitted under this evaluation. The NetWare, AppleTalk, and LexLink protocols must be disabled. Using the EWS Note: For information about accessing the EWS, see "Using the Embedded Web Server" on page 15. Be sure to disable HTTP and
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 20
9302 (NPAP) • TCP 9500/TCP 9501 (NPAP) • TCP 9600 (IPDS) • UDP 9700 (Plug-n-Print) • TCP 10000 (Telnet) • Web Services 3 Click Submit. Other settings and functions Network Time Protocol Use Network Time Protocol automatically provided by the DHCP server before manually configuring NTP settings.
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 21
server requires authentication, set Enable Authentication to On. 5 Touch Submit. Kerberos If you will be using LDAP+GSSAPI or Common Access Cards to control user access to the MFP, you must first configure Kerberos. Using the EWS 1 From the EWS, click Settings > Security > Security Setup. Note: For
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 22
Importing a Kerberos configuration file Using the EWS, you can also import a krb5.conf file rather than configure the Simple Kerberos Setup. 1 From the EWS, click Settings > Security > Security Setup. Note: For information about accessing the EWS, see "Using the Embedded Web Server" on page 15. Be
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 23
6 For Severity of events to log, select 5 - Notice. The chosen severity level and anything higher (0-4) will be logged. 7 To send all events regardless of severity to the remote server, select Remote Syslog non-logged events. 8 To have administrators automatically notified of certain log events,
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 24
Submit. Note: In order to use E-mail alerts, you must also configure SMTP settings. For information about SMTP settings, see "E-mail" on page 24. E-mail User data sent by the MFP using E-mail must be sent as an attachment. Using the EWS 1 From the EWS, click Settings > E-mail/FTP Settings > E-mail
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 25
authentication method from the SMTP Server Authentication list. 9 From the Device-Initiated E-mail list, select Use Device SMTP Credentials. 10 From the User-Initiated E-mail list, select the option most appropriate for your network/server environment. 11 If the MFP must provide credentials in order
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 26
10 For User-Initiated E-mail, select the option most appropriate for your network/ fax capabilities and is attached to a phone line, you must disable fax forwarding, enable held faxes, and disable driver to fax. Using the EWS 1 From the EWS, click Settings > Fax Settings > Analog Fax Setup. Note
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 27
Menu. The MFP will power-on reset, and then return to normal operating mode. Configuring security reset jumper behavior The security reset jumper is a hardware menus, a service call will be required to replace the device RIP card (motherboard). User access Administrators and users are required to
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 28
templates, and then apply a security template to each device function, to control access to that function. The MFP supports a maximum of 250 user accounts and 32 user groups. Example: Employees in the warehouse will be given access to black and white printing only; administrative office staff
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 29
+GSSAPI to take advantage of authentication and authorization services already deployed on the network. User credentials and group designations can be pulled from your existing system, making access to the MFP as seamless as other network services. Supported devices can store a maximum of five LDAP
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 30
a user must provide when attempting to access a function protected by the LDAP building block. Device Credentials (optional) • MFP Kerberos Username- Type the distinguished name of the print server(s). • MFP Password-Type the Kerberos password for the print server(s). Search specific object
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 31
default), uid, userid, user-defined, or cn (common name). • Search Base-The node in the LDAP server where user accounts reside. Multiple search General Information. 7 From the General Information Screen, select Search Specific Object Classes, and then adjust the following settings as needed (
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 32
and authentication mechanism, and supports user authorization to the MFP and If desired, provide custom Logon Screen Text, with special instruction for users, or a custom Logon Screen Image. Custom screen images configured in Active Directory; typically the Windows Domain Name. The Realm must be
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 33
users are allowed to login manually, provide at least one Manual Login Domain (a Windows User Session and Access Control, verify that Share Session with LDD is not selected. 16 Under Advanced Settings, select Disable Reverse DNS Lookups if reverse lookups are not supported the MFP is powered on. This
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 34
be helpful to use a descriptive name, such as "Administrator_Only", or "Authenticated_Users." 5 From the Authentication list, select a method for authenticating users. This list will be populated with the authentication building blocks that have been configured on the MFP (internal accounts, LDAP
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 35
select the Held Jobs icon. • Select Show Copies Screen if you want to enable users to change the number of copies for each job from the printer. • Select Allow Users to Print All if you want to enable users to select a Print All button, rather than select each print job individually. • Display Print
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 36
discretion of the administrator. • Disabled- Disables access to a function for all users and administrators. • Not applicable-The function has been disabled by another setting Configuration Fax Function Firmware Updates Flash Drive Color Printing Flash Drive Firmware Updates Level of protection Any
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 37
Security Menu at the Device Security Menu Remotely Service Engineer Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings access only Not applicable - all remote access disabled Authenticated users Note: When eSF applications are configured, Solution 1 controls
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 38
Access Control Supplies Menu Remotely Use Profiles Web Import/Export Settings Level of protection Not applicable - all remote access disabled Authenticated users Not applicable - all remote access disabled
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 39
Troubleshooting Login Issues "Unsupported USB Device" error message A NON-SUPPORTED SMARTCARD READER IS ATTACHED Only the OmniKey reader shipped with the printer is supported. Remove the unsupported reader and attach the OmniKey reader. The printer solutions, contact the Lexmark Solutions Help Desk
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 40
automatically provided by the DHCP server before manually configuring NTP settings. 3 If you have configured the printer to use an NTP server, verify that to locate the appropriate krb5.conf file, and then click Submit. Users are unable to authenticate THE REALM SPECIFIED IN THE KERBEROS SETTINGS IS
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 41
printer and the KDC in order for authentication to work. "User's Realm was not found in the Kerberos Configuration file" error message This error occurs during manual login, and indicates the Windows The PKI Authentication solution settings do not support multiple Kerberos Realm entries. If multiple
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 42
may or may not work This normally occurs either during login (at "Getting User Info"), or during address book searches. PORT 389 (NON-SSL) OR PORT lookups to work. REVERSE DNS LOOKUPS ARE DISABLED ON THE NETWORK The printer uses reverse DNS lookups to verify IP addresses. If reverse lookup is
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 43
INCORRECT Narrow the LDAP search base to the lowest possible scope that will include all necessary users. THE LDAP ATTRIBUTE BEING SEARCHED FOR IS NOT CORRECT Verify that the LDAP attributes for the user's E-mail address and/or home directory are correct. Held Jobs/Print Release Lite Issues "You are
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 44
to determine how the Windows Userid will be obtained when a user attempts to log in: • None-The userid is not set. You can select this option if the userid is not needed by other applications. • User Principal Name-The SmartCard principal name, or the credential provided by manual login is used to
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 45
restricted to administrators only. Using the on-screen keyboard Some device settings require one or more alphanumeric entries, such as server addresses, user names, or passwords. When an alphanumeric entry is needed, a keyboard will be displayed: As you touch the letters and numbers, your selections
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 46
To type a single upper case or Shift character, touch the up-arrow A, and then touch the letter or number you need to capitalize or shift-select. To turn on caps-lock, touch the up-arrow A with the lock symbol, and then continue typing. Uppercase/Shift will remain engaged until you touch the lock
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 47
guide CA CAC DC DHCP DNS DoD EAL EWS GIF GSSAPI HTTP HTTPS IP IPSec IPv4 IPv6 KDC LDAP MFP NTLM NTP OCSP PEM PKI PSK RFC SMTP SSL TCP TLS UDP USB Certificate Authority Common Access Card Domain Controller Dynamic Host Configuration Protocol Domain Name Service Protocol Multifunction printer NT LAN
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 48
printer. Function Access Control Address Book Change Language from Home Screen Color Dropout Configuration Menu Copy Color Printing Copy Function Create Bookmarks at the Device Create Bookmarks Remotely Create Profiles E-mail Function eSF Configuration Fax Function Firmware Updates . Users who
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 49
access to the Operator Panel Lock. Users who are denied access cannot enable or disable the printer control panel lock. Controls access to the access to the Service Engineer menu from the printer control panel Protects access to the Service Engineer menu from the Embedded Web Server Protects access
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 50
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 51
Appendix D: Using Common Access Cards Using a Common Access Card to access the MFP 1 Insert your Common Access Card into the card reader attached to the MFP: Note: The appearance of your MFP, including the location of the card reader, may vary. 2 When prompted, use the number pad located on the
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 52
It may take a moment for the MFP to validate your credentials: 3 After your logon credentials have been validated, the MFP will return to the home screen: Note: The MFP home screen may contain different icons than the one shown here. For more information about using the touch screen, see "Appendix
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 53
Lexmark for use in connection with your Lexmark product. The term "Software Program" includes machine-readable instructions NOT SO AGREE, DO NOT INSTALL, COPY, DOWNLOAD, OR OTHERWISE USE THE SOFTWARE PROGRAM. IF number of authorized users to the number specified in your agreement with Lexmark. You may
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 54
electronic license terms at the time of download. Use of the Freeware by you transfer the Software Program to another end-user. Any transfer must include all software updates or supplements to the original Software Program provided by Lexmark unless Lexmark provides other terms along with the update
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 55
with the terms of this License Agreement, any other written agreement signed by you and Lexmark relating to your Use of the Software Program). To the extent any Lexmark policies or programs for support services conflict with the terms of this License Agreement, the terms of this License Agreement
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 56
encrypting the hard disk 7 encryption IPSec 18 environment operating 5 EWS using 15 F fax forwarding 26 fax settings Driver to fax 26 fax forwarding 26 held faxes 26 fax storage 26 firmware verifying 6 function access using the EWS to restrict 36 using the touch screen to restrict 12 Function Access
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 57
44 not authorized to use Held Jobs 43 not authorized to use Print Release Lite 43 printer clock out of sync 40 problem getting user info 42 realm on card not found 41 unable to authenticate 40 unable to determine Windows User ID 44 unexpected logout 42 unknown client 42 unsupported USB device 39
- Lexmark T656 | Common Criteria Installation Supplement and Administrator Guide - Page 58
www.lexmark.com
Common Criteria
Installation supplement and administrator guide
April 2010
www.lexmark.com
Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries.
All other trademarks are the property of their respective owners.
© 2010 Lexmark International, Inc.
All rights reserved.
740 West New Circle Road
Lexington, Kentucky 40550
3060008-002