Lexmark X860 Common Criteria Installation Supplement and Administrator Guide
Lexmark X860 Manual
View all Lexmark X860 manuals
Add to My Manuals
Save this manual to your list of manuals |
Lexmark X860 manual content summary:
- Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 1
Common Criteria Installation supplement and administrator guide April 2010 www.lexmark.com Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries. All other trademarks are the property of their respective - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 2
are periodically made to the information herein; these changes will be incorporated in later editions. Improvements or changes in the products or the programs described may be made at any time. For Lexmark technical support, visit support.lexmark.com. For information on supplies and downloads, visit - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 3
guide...5 Supported devices...5 Operating environment...5 Before configuring the device (required)...6 Verifying physical interfaces and installed firmware logging...22 E-mail...24 Fax...26 Configuring security reset jumper behavior...27 User access...27 Creating user accounts through the EWS...28 - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 4
Release Lite Issues...43 "You are not authorized to use this feature" Held Jobs error message 43 "Unable to determine Windows User ID" error message 44 "There are no jobs available for [USER]" error message...44 Jobs are printing out immediately...44 Appendix A: Using the touch screen 45 Appendix - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 5
• Lexmark X466 • Lexmark X651 • Lexmark X652 • Lexmark X654 • Lexmark X656 • Lexmark X658 • Lexmark X734 • Lexmark X736 • Lexmark X738 • Lexmark X860 • Lexmark X862 • Lexmark X864 Operating environment The instructions provided in this guide are based on the following assumptions: • The MFP will - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 6
5 If you find additional interfaces, or if a DLE card has been installed, contact your Lexmark representative before proceeding. 6 To verify the firmware version, under Device Information, locate Base =, and Network =. 7 Contact your Lexmark representative to verify that the Base and Network values - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 7
is fully powered up, the touch screen should display a list of functions, instead of standard home screen icons such as Copy or Fax. 3 Verify that the MFP is in Configuration mode by locating the Exit Config Menu icon in the lower right corner of the touch screen. 4 Scroll through the configuration - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 8
result in loss of data. Note: Disk encryption can take several hours to complete. 8 To finish, press Back, and then Exit Config Menu. The MFP will power-on reset, and then return to normal operating mode. Disabling the USB Buffer Disabling the USB buffer disables the USB host port on the back of - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 9
this section to configure the settings needed to achieve the evaluated configuration for a standalone device: 1 Set up disk wiping. 2 Create user accounts. 3 Create security templates. 4 Restrict access to device functions. 5 Disable home screen icons. Configuring disk wiping Note: Not all devices - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 10
templates, and then apply a security template to each device function, to control access to that function. The MFP supports a maximum of 250 user accounts and 32 user groups. Step 1: Defining groups 1 From the home screen, touch Menus > Security > Edit Security Setups > Edit Building Blocks - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 11
the General Settings screen, set Required User Credentials to User ID and password, and then touch Submit. The MFP will return to the Internal Accounts grant access to specific device functions, select all groups in which the administrator should be included. • For all other users, add only the - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 12
a function, at the discretion of the administrator. • Disabled- Disables access to a function for all users and administrators. • Not applicable-The function has been disabled by another setting. No change required, though it is recommended that you set these access controls to Administrator access - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 13
Flash Drive Firmware Updates Flash Drive Print Flash Drive Scan FTP Function Held Jobs Access Manage Shortcuts at the Device Manage Shortcuts Remotely Network Ports/Menu at the Device Network Ports/Menu Remotely NPA Network Adapter Setting Changes Operator Panel Lock Option Card Configuration at - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 14
, Solution 1 controls access to Held Jobs. Administrator access only Any valid setting Not applicable - all remote access disabled Authenticated users Not applicable - all remote access disabled Disabling home screen icons The final step is to remove unneeded icons from the MFP home screen: 1 From - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 15
settings using the touch screen. Restoring HTTP or HTTPS access to to disable it again after making any needed changes, to return your device to the evaluated to the home screen. 7 Reboot the MFP by turning it off and back on using the power switch. Disabling HTTP/HTTPS access using the EWS - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 16
After attaching the MFP to a network, you will need to configure additional settings. This section covers the basic settings required for a network-attached device. Creating and modifying digital certificates Certificates are needed for domain controller verification, and for SSL support in LDAP - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 17
• City Name-Type the name of the city where the company or organization issuing the certificate is located. • Subject Alternate Name-Type the alternate name and prefix that conforms to RFC 2459. For example, enter an IP address using the format IP:255.255.255.255. Leave this field blank to use the - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 18
Source file, and then click Submit. Note: The Certificate Authority Source file must be in PEM (.cer) format. 4 Reboot the MFP by turning it off and back on using the power switch. Setting up IPSec IPSec encrypts IP packets as they are transmitted over the network between devices. It does not handle - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 19
find the AppleTalk selection. c Set Activate to No. d Touch Submit. The MFP will return to the AppleTalk screen. From there you can select Back to return find the Netware selection. c Set Activate to No. d Touch Submit. The MFP will return to the NetWare screen. From there you can select Back to - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 20
9501 (NPAP) • TCP 9600 (IPDS) • UDP 9700 (Plug-n-Print) • TCP 10000 (Telnet) • Web Services 3 Click Submit. Other settings and functions Network Time Protocol Use Network Time Protocol (NTP), to automatically sync MFP date and time settings with a trusted clock, so that Kerberos requests and audit - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 21
authentication, set Enable Authentication to On. 5 Touch Submit. Kerberos If you will be using LDAP+GSSAPI or Common Access Cards to control user access to the MFP, you must first configure Kerberos. Using the EWS 1 From the EWS, click Settings > Security > Security Setup. Note: For information - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 22
Importing a Kerberos configuration file Using the EWS, you can also import a krb5.conf file rather than configure the Simple Kerberos Setup. 1 From the EWS, click Settings > Security > Security Setup. Note: For information about accessing the EWS, see "Using the Embedded Web Server" on page 15. Be - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 23
to send an E-mail when the log file is exported. • Select E-mail log settings changed alert if you want the MFP to send an E-mail when log settings are changed. • For Log line endings, choose LF (\n), CR (\r), or CRLF (\r\n), to specify how line endings will be handled in the log file, depending on - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 24
send an E-mail when log settings are changed, set "E-mail log settings changed alert" to On. • For Log line see "E-mail" on page 24. E-mail User data sent by the MFP using E-mail must be sent as an 2 Under E-mail Settings, select Attachment for "E-mail images sent as". 3 Under Web Link Setup, verify - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 25
10 From the User-Initiated E-mail list, select the option most appropriate for your network/server environment. 11 If the MFP must provide must be blank. • Password-must be blank. • Path-must be "/". • Base file name image-must be blank. • Web Link-must be blank. 3 Touch Back, and then touch Back - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 26
after you have finished using the EWS. 2 Under Fax Receive Settings, click Holding Faxes. 3 Set Held Fax Mode to Always On. 4 Click Submit, to save changes and return to Settings. 5 Under Fax Send Settings, clear the Driver to fax check box. 6 Under Fax Receive Settings, select Print, from the - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 27
the security menus. To regain access to the security menus, a service call will be required to replace the device RIP card (motherboard). User access Administrators and users are required to login to the MFP using a method that provides both authentication and authorization. Under the evaluated - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 28
, to control access to that function. The MFP supports a maximum of 250 user accounts and 32 user groups. Example: Employees in the warehouse will have access to black and white printing, color printing, and faxing. Scenario 1: Creating groups based on department Security template basic_user - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 29
credentials and group designations can be pulled from your existing system, making access to the MFP as seamless as other network services. Supported devices can store a maximum of five LDAP + GSSAPI configurations. Each configuration must have a unique name. Note: You must configure Kerberos before - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 30
a user must provide when attempting to access a function protected by the LDAP building block. Device Credentials (optional) • MFP Kerberos Username- Type the distinguished name of the print server(s). • MFP Password-Type the Kerberos password for the print server(s). Search specific object - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 31
user-defined, or cn (common name). • Search Base-The node in the LDAP server where user MFP Password-The Kerberos password for the print server(s). Touch Submit, to save settings and return to General Information. 7 From the General Information Screen, select Search Specific to save changes and return - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 32
instruction for users, or a custom Logon Screen Image. Custom screen images must be in GIF format, and no larger than 800 x 320 pixels. 7 Clear the Allow Copy without Card check box. 8 Clear the Allow Fax without Card check box. 9 Set User Validation Mode to Active Directory. 10 Select Use MFP - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 33
U.S. DoD Common Access Card uses "123456789@mil" to identify a user, "mil" is MFP should wait for a response from the domain controller before moving to the next one in the list. 12 If users are allowed to login manually, provide at least one Manual screen after the MFP is powered on. This message - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 34
users. This list will be populated with the authentication building blocks that have been configured on the MFP about starting PKI Authentication, see "Configuring Common Access Card access" on page 32. 6 Click Add authorization, to save changes, or Cancel to retain previously configured values. 34 - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 35
want to print; or All jobs print automatically, to have all jobs pending for a user print automatically when they select the Held Jobs icon. • Select Show Copies Screen if you want to enable users to change the number of copies for each job from the printer. • Select Allow Users to Print All if you - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 36
Address Book Cancel Jobs at the Device Change Language from Home Screen Color Dropout Configuration Menu Copy Color Printing Copy Function Create Bookmarks at the Device Create Bookmarks Remotely Create Profiles E-mail Function eSF Configuration Fax Function Firmware Updates Flash Drive Color - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 37
Card Configuration Remotely Paper Menu at the Device Paper Menu Remotely PictBridge Printing PJL Device Setting Changes Release Held Faxes Remote Certificate Management Remote Management Reports Menu at the Device Reports Menu Remotely Security Menu at the Device Security Menu Remotely Service - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 38
Access Control Supplies Menu Remotely Use Profiles Web Import/Export Settings Level of protection Not applicable - all remote access disabled Authenticated users Not applicable - all remote access disabled 38 - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 39
Troubleshooting Login Issues "Unsupported USB Device" error message A NON-SUPPORTED SMARTCARD READER IS ATTACHED Only the OmniKey reader shipped with the printer is supported. Remove the unsupported reader and attach the OmniKey reader. The printer solutions, contact the Lexmark Solutions Help Desk - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 40
MFP's date and time" error message This error indicates the printer clock is more than five minutes out of sync with the domain controller clock. Verify the date and time on the printer manually configuring NTP settings. 3 If you have configured the printer then click Submit. Users are unable to - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 41
then click Apply to save any needed changes. 3 If a krb5.conf file has printer and the KDC in order for authentication to work. "User's Realm was not found in the Kerberos Configuration file" error message This error occurs during manual mil" domain). "Realm on the card was not found in the Kerberos - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 42
may or may not work This normally occurs either during login (at "Getting User Info"), or during address book searches. PORT 389 (NON-SSL) OR PORT lookups to work. REVERSE DNS LOOKUPS ARE DISABLED ON THE NETWORK The printer uses reverse DNS lookups to verify IP addresses. If reverse lookup is - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 43
changes. THE LDAP SEARCH BASE IS INCORRECT Narrow the LDAP search base to the lowest possible scope that will include all necessary users. THE LDAP ATTRIBUTE BEING SEARCHED FOR IS NOT CORRECT Verify that the LDAP attributes for the user's E-mail address and/or home directory are correct. Held Jobs - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 44
is not needed by other applications. • User Principal Name-The SmartCard principal name, or the credential provided by manual login is used to set the userid changes. THE USERID DISPLAYED IS CORRECT, BUT NO JOBS ARE LISTED The user may have sent the job (or jobs) to a different printer, or the jobs - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 45
screen The home screen The screen located on the front of the MFP is touch-sensitive, and can be used to access device functions, Some device settings require one or more alphanumeric entries, such as server addresses, user names, or passwords. When an alphanumeric entry is needed, a keyboard will - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 46
To type a single upper case or Shift character, touch the up-arrow A, and then touch the letter or number you need to capitalize or shift-select. To turn on caps-lock, touch the up-arrow A with the lock symbol, and then continue typing. Uppercase/Shift will remain engaged until you touch the lock - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 47
used in this guide CA CAC DC DHCP DNS DoD EAL EWS GIF GSSAPI HTTP HTTPS IP IPSec IPv4 IPv6 KDC LDAP MFP NTLM NTP OCSP PEM PKI PSK RFC SMTP SSL TCP TLS UDP USB Certificate Authority Common Access Card Domain Controller Dynamic Host Configuration Protocol Domain Name Service Department of Defense - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 48
Drive Firmware Updates Flash Drive Print Flash Drive Scan FTP Function Held Jobs Access Manage Shortcuts at the Device Manage Shortcuts Remotely What it does Controls the ability to perform address book searches in the Scan to Fax and Scan to Email functions Controls access to the Change Language - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 49
Card Configuration Remotely Paper Menu at the Device Paper Menu Remotely PictBridge Printing PJL Device Setting Changes Release Held Faxes Remote Certificate Management Remote Management Reports Menu at the Device Reports Menu Remotely Security Menu at the Device Security Menu Remotely Service - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 50
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 51
Appendix D: Using Common Access Cards Using a Common Access Card to access the MFP 1 Insert your Common Access Card into the card reader attached to the MFP: Note: The appearance of your MFP, including the location of the card reader, may vary. 2 When prompted, use the number pad located on the - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 52
to validate your credentials: 3 After your logon credentials have been validated, the MFP will return to the home screen: Note: The MFP home screen may contain different icons than the one shown here. For more information about using the touch screen, see "Appendix A: Using the touch screen" - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 53
Lexmark for use in connection with your Lexmark product. The term "Software Program" includes machine-readable instructions, audio/visual content (such as images price paid for the Software Program. 3 LICENSE GRANT. Lexmark authorized users to the number specified in your agreement with Lexmark. You - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 54
license. 4 TRANSFER. You may transfer the Software Program to another end-user. Any transfer must include all software components, media, printed materials, and to updates or supplements to the original Software Program provided by Lexmark unless Lexmark provides other terms along with the update or - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 55
with the terms of this License Agreement, any other written agreement signed by you and Lexmark relating to your Use of the Software Program). To the extent any Lexmark policies or programs for support services conflict with the terms of this License Agreement, the terms of this License Agreement - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 56
configuring the device verifying firmware 6 verifying physical interfaces 6 C certificates creating and modifying 16 Common Access Cards how to use 51 EWS using 15 F fax forwarding 26 fax settings Driver to fax 26 fax forwarding 26 held faxes 26 fax storage 26 firmware verifying 6 function access - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 57
does not appear when card is inserted 39 MFP clock out of sync 40 missing Kerberos realm 41 multiple Kerberos realms 41 no jobs available to user 44 not authorized to use Held Jobs 43 not authorized to use Print Release Lite 43 printer clock out of sync 40 problem getting user info 42 realm on - Lexmark X860 | Common Criteria Installation Supplement and Administrator Guide - Page 58
www.lexmark.com
Common Criteria
Installation supplement and administrator
guide
April 2010
www.lexmark.com
Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries.
All other trademarks are the property of their respective owners.
© 2010 Lexmark International, Inc.
All rights reserved.
740 West New Circle Road
Lexington, Kentucky 40550
3060008-002