• Require—Use only Windows operating system authentication credentials.
Device Credentials
– Use Active Directory Device Credentials—Use user credentials and group designations that are
pulled from the existing network comparable to other network services.
– If Use Active Directory Device Credentials is disabled, then provide the authentication credentials
used to bind the printer with the Active Directory server.
• Device Username—Type the fully qualified DN of a user registered to the Active Directory server.
• Device Realm—The Active Directory domain name.
• Device Password—Type the password for the user.
Advanced Options
– Use SSL/TLS—If the LDAP server requires SSL, then select SSL/TLS.
– Userid Attribute—Type the LDAP attribute to search for when authenticating users’ credentials. The
default value is sAMAccountName, which is common in a Windows environment. For other
directories you can type uid, cn, or a user-defined attribute. For more information, contact your
system administrator.
– Mail Attribute—Type the LDAP attribute that contains the users’ e-mail addresses. The default value
is mail.
– Full Name Attribute—Type the LDAP attribute that contains the users’ full names. The default value
is cn.
– Search Base—The node in the LDAP server where user accounts reside. You can type multiple search
bases, separated by commas.
Note: A search base consists of multiple attributes separated by commas, such as cn (common
name), ou (organizational unit), o (organization), c (country), and dc (domain).
– Search Timeout—Enter a value from 5 to 30 seconds or 5 to 300 seconds, depending on your printer
model.
– Follow LDAP Referrals—Search the different servers in the domain for the logged‑in user account.
Search Specific Object Classes
– person—Search the “person” object class.
– Custom Object Classes—Type the name of the custom object class to search.
Note: A maximum of three custom object classes can be searched. Type the other object class in
the other Custom Object Class field.
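Added example (not vendor code): a pre-deployment check that turns the Advanced Options and object class settings above into an equivalent directory query, so the bind DN, search base, and attributes can be tested with the OpenLDAP ldapsearch client before they are typed into the printer. The filter shape, the ldaps:// mapping for Use SSL/TLS, the host name, and all sample values are assumptions.

```python
import shlex

# Constructed sample values; attribute names are the defaults listed on this page.
SETTINGS = {
    "server": "dc01.example.com",          # hypothetical directory server
    "use_ssl_tls": True,                   # assumed to mean ldaps://
    "device_username": "CN=svc-printer,OU=Service Accounts,DC=example,DC=com",
    "userid_attribute": "sAMAccountName",
    "mail_attribute": "mail",
    "full_name_attribute": "cn",
    "search_bases": ["OU=Staff,DC=example,DC=com"],
    "search_timeout": 30,
    "search_person": True,
    "custom_object_classes": ["inetOrgPerson"],
}

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a user ID cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(s, userid):
    """Assumed equivalent filter: any selected object class AND the user ID match."""
    custom = list(s.get("custom_object_classes", []))
    if len(custom) > 3:
        raise ValueError("at most three custom object classes can be searched")
    classes = (["person"] if s.get("search_person") else []) + custom
    user = "(%s=%s)" % (s["userid_attribute"], escape_filter_value(userid))
    if not classes:
        return user
    terms = "".join("(objectClass=%s)" % c for c in classes)
    if len(classes) > 1:
        terms = "(|%s)" % terms
    return "(&%s%s)" % (terms, user)

def ldapsearch_commands(s, userid):
    """One ldapsearch argv per search base; -W prompts for the device password."""
    if not 5 <= s["search_timeout"] <= 300:
        raise ValueError("search timeout must be 5 to 300 seconds (5 to 30 on some models)")
    uri = ("ldaps://" if s["use_ssl_tls"] else "ldap://") + s["server"]
    attrs = [s["userid_attribute"], s["mail_attribute"], s["full_name_attribute"]]
    return [["ldapsearch", "-x", "-H", uri, "-D", s["device_username"], "-W",
             "-b", base, "-s", "sub", "-l", str(s["search_timeout"]),
             build_filter(s, userid)] + attrs
            for base in s["search_bases"]]

if __name__ == "__main__":
    for argv in ldapsearch_commands(SETTINGS, "jdoe"):
        print(shlex.join(argv))
```

A search that returns exactly one entry with all three attributes populated indicates that the Userid, Mail, and Full Name attribute settings match the directory.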
Address Book Setup
The following settings are used to configure the address book used when scanning to an e‑mail address:
– Displayed Name—Select the LDAP attribute you want displayed on the address book.
– Max Search Results—Type the maximum search results displayed on the address book.
– Use user credentials—Use the logged‑in user credentials to connect to the LDAP server.
– Search Attributes—Select LDAP attributes used as search filters.
– Custom Attributes—Type LDAP custom attributes used as search filters.