White Papers
Table Of Contents
- Contents
- Change history
- Overview
- Securing network connections
- Managing devices remotely
- Managing login methods
- Restricting public access to functions, applications, printer management, and security options
- Using local accounts
- Using LDAP or LDAP+GSSAPI
- Using Kerberos
- Using Active Directory
- Creating LDAP, LDAP+GSSAPI, or Active Directory groups
- Editing or deleting LDAP, LDAP+GSSAPI, or Active Directory groups
- Understanding access controls
- Managing certificates
- Managing other access functions
- Securing data
- Troubleshooting
- User is locked out
- User is logged out automatically
- User cannot access applications or functions
- KDC and MFP clocks are out of sync
- Domain controller certificate is not installed
- KDC is not responding within the required time
- LDAP lookups fail
- Make sure that the server and firewall settings are configured to allow communication between the pr ...
- If reverse DNS lookup is not used in your network, then disable it in the Kerberos settings
- If the LDAP server requires SSL, then enable SSL for LDAP lookups
- Narrow the LDAP search base to the lowest possible scope that includes all necessary users
- Make sure that all LDAP attributes that are being searched for are correct
- Notices
- Index
Domain controller certificate is not installed
Make sure that the correct certificate is installed on the printer
For more information, see “Managing certificates” on page 23.
KDC is not responding within the required time
Try one or more of the following:
Make sure that the IP address or host name of the KDC is correct
Make sure that the KDC is available in the configuration file
You can add multiple KDCs in the configuration file.
Make sure that the server and firewall settings are configured to allow communication
between the printer and the KDC server on port 88
LDAP lookups fail
Try one or more of the following:
Make sure that the server and firewall settings are configured to allow communication
between the printer and the LDAP server on port 389 and port 636
The default ports are port 389 and port 636.
If reverse DNS lookup is not used in your network, then disable it in the Kerberos settings
1 From the Embedded Web Server, click Settings > Security.
2 From the Network Accounts section, click Kerberos.
3 From the Miscellaneous Settings section, select Disable Reverse IP Lookups.
4 Click Save and Verify.
If the LDAP server requires SSL, then enable SSL for LDAP lookups
Some solutions that provide authentication may require you to enable SSL for LDAP lookups. For more
information, see the administrator’s guide for the solution.
Narrow the LDAP search base to the lowest possible scope that includes all necessary
users
Make sure that all LDAP attributes that are being searched for are correct
Troubleshooting 31