White Papers
Table Of Contents
- Contents
- Change history
- Overview
- Securing network connections
- Managing devices remotely
- Managing login methods
- Restricting public access to functions, applications, printer management, and security options
- Using local accounts
- Using LDAP or LDAP+GSSAPI
- Using Kerberos
- Using Active Directory
- Creating LDAP, LDAP+GSSAPI, or Active Directory groups
- Editing or deleting LDAP, LDAP+GSSAPI, or Active Directory groups
- Understanding access controls
- Managing certificates
- Managing other access functions
- Securing data
- Troubleshooting
- User is locked out
- User is logged out automatically
- User cannot access applications or functions
- KDC and MFP clocks are out of sync
- Domain controller certificate is not installed
- KDC is not responding within the required time
- LDAP lookups fail
- Make sure that the server and firewall settings are configured to allow communication between the pr ...
- If reverse DNS lookup is not used in your network, then disable it in the Kerberos settings
- If the LDAP server requires SSL, then enable SSL for LDAP lookups
- Narrow the LDAP search base to the lowest possible scope that includes all necessary users
- Make sure that all LDAP attributes that are being searched for are correct
- Notices
- Index
• Proposed Authentication Method
• IPSec Device Certificate
4 Do one or more of the following:
• From the Pre‑Shared Key Authenticated Connections section, type the IP address of the client printer
that you want to connect to the printer.
• From the Certificate Authenticated Connections section, type the IP address of the client printer that you
want to connect to the printer.
5 Click Save.
Notes:
• If there are no CA
certificates
added, then the default
certificate
is used.
• If you are using PSK authentication, then type the corresponding key. Retain the key to use later when
configuring client printers.
Configuring 802.1x authentication
Though normally associated with wireless devices and connectivity, 802.1x authentication supports both wired
and wireless environments.
Notes:
• If using digital certificates to establish a secure connection to the authentication server, then configure
the
certificates
on the printer before changing 802.1x authentication settings. For more information, see
“Managing certificates” on page 23.
• Make sure that all printers on the same network using 802.1x are supporting the same EAP
authentication type.
1 From the Embedded Web Server, click Settings > Network/Ports > 802.1x.
2 From the 802.1x Authentication section, do the following:
a Select Active.
b Type the login name and password that the printer uses to log in to the authentication server.
c Select Validate Server
Certificate
.
Note: Server certificate validation is necessary when using Transport Layer Security (TLS), Protected
Extensible Authentication Protocol (PEAP), and Tunneled Transport Security Layer (TTLS).
d Select Enable Event Logging.
Warning—Potential Damage: To reduce
flash
part wear, use this feature only when necessary.
e In the 802.1x Device Certificate list, select the digital certificate that you want to use.
Note: If only one certificate is installed, then default is the only option that appears.
3 From the Allowable Authentication Mechanisms section, select one or more authentication protocols.
• EAP‑MD5, EAP‑MSCHAPv2, and LEAP require a login name and password.
• PEAP, and EAP‑TTLS require a login name and password and a CA certificate.
• EAP‑TLS requires a login name and password, a CA certificate, and a signed printer certificate.
Securing network connections 7