Lexmark X651DE Common Criteria Installation Supplement and Administrator Guide - Page 33
• Domain: The card domain that should be mapped to the specified Realm. This is the principal name used on the card, and should be listed by itself, followed by a comma, a period, and then the principal name again. This value is case-sensitive, and usually appears in lowercase. Multiple values can be entered, separated by commas.
  Example: If a U.S. DoD Common Access Card uses "123456789@mil" to identify a user, "mil" is the principal name. In this case, you would enter the Domain as "mil,.mil".
• Timeout: The amount of time the MFP should wait for a response from the domain controller before moving to the next one in the list.

12. If users are allowed to log in manually, provide at least one Manual Login Domain (a Windows Domain Name) to choose from when logging in. Multiple domains can be entered, separated by commas.

13. Select a DC Validation Mode for validating the domain controller certificate when users log in to the MFP:
• Device Certificate Validation: The most common method. The certificate of the CA that issued the domain controller certificate must also be installed on the MFP.
• MFP Chain Validation: The entire certificate chain, from the domain controller to the root CA, must be installed on the MFP.
• OCSP Validation: The entire certificate chain, from the domain controller to the root CA, must be installed on the MFP, and Online Certificate Status Protocol (OCSP) settings must be configured.

14. If you selected OCSP Validation, configure the following:
• Responder URL: The IP address or hostname of an OCSP responder/repeater, along with the port being used (usually 80). The correct format is "http://ip_address:port_number" (http://255.255.255.0:80). Multiple values can be entered, separated by commas; they will be tried in the order listed.
• Responder Certificate: Browse to locate the X.509 certificate for the responder.
• Responder Timeout: The amount of time the MFP should wait for a response from the OCSP Responder before moving to the next one in the list.
• Unknown Status is Valid: Select this check box to allow a user to log in even if the OCSP response indicates the certificate status is unknown.

15. Under User Session and Access Control, verify that Share Session with LDD is not selected.

16. Under Advanced Settings, select Disable Reverse DNS Lookups if reverse lookups are not supported on your network.

17. To use only the information provided by the specified domain controller, select Disable LDAP Referrals.
Note: Leaving LDAP referrals enabled can increase LDAP search times.

18. If DNS is not enabled on the network, or if some servers are multi-homed, click Browse to locate a Hosts File with hostname-IP address mappings.

19. Select Wait for Active Network to display "Waiting for network..." on the touch screen after the MFP is powered on. This message disappears when the network becomes available.

20. Click Apply.
Note: You must install at least one Certificate Authority (CA) certificate in order for PKI Authentication to work. For more information on uploading a CA certificate, see "Creating and modifying digital certificates" on page 16.
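The Domain and Responder URL formats described above can be checked before the values are entered on the MFP. The following Python is an added example, not part of the Lexmark guide or firmware; the function names and the sample hostname ocsp.example.test are assumptions made for illustration.

```python
# Added example: field names come from the manual; function names and
# sample values are hypothetical and constructed for illustration.
from urllib.parse import urlsplit


def domain_field_for(card_principal):
    """Build the Domain value from a card identity, e.g. 123456789@mil."""
    user, sep, name = card_principal.partition("@")
    if not (user and sep and name):
        raise ValueError(f"no principal name in {card_principal!r}")
    return f"{name},.{name}"  # case preserved: the field is case-sensitive


def lint_domain_field(value):
    """Return a list of problems in a comma-separated Domain value."""
    items = [v.strip() for v in value.split(",")]
    problems = ["empty entry"] if "" in items else []
    for name in (v for v in items if v and not v.startswith(".")):
        if "." + name not in items:
            problems.append(f"{name!r} has no matching {'.' + name!r} entry")
        if name != name.lower():
            problems.append(f"{name!r} has uppercase; confirm against the card")
    return problems


def lint_responder_urls(value):
    """Return (urls in the order they will be tried, problems)."""
    urls, problems = [], []
    for url in (u.strip() for u in value.split(",")):
        parts = urlsplit(url)
        try:
            port = parts.port
        except ValueError:  # non-numeric or out-of-range port
            port = None
        if parts.scheme != "http" or not parts.hostname or port is None:
            problems.append(f"{url!r} is not http://ip_address:port_number")
        else:
            urls.append(url)
    return urls, problems


if __name__ == "__main__":
    print(domain_field_for("123456789@mil"))  # identity quoted in the manual
    print(lint_domain_field("mil"))           # constructed incomplete value
    print(lint_responder_urls("http://255.255.255.0:80,ocsp.example.test:80"))
```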