manualshive.com logo in svg

Lexmark X782E, Installation Manual

The Lexmark X782E is a high-quality printer that boasts impressive features and functionality. With its stunning print quality and efficient performance, this printer is ideal for home and office use. Easily access its Brochure & Specs and user manual for free download at manualshive.com, to help you maximize its potential.

Share
Download
background image

PKI Pre-Installation Guide 

Version 2.0.0 

 

Page 24 

5.6.2 Email Encryption 

Emails can only be encrypted when the encryption certificate can be found for 

each

 of the 

recipients – this limits encrypted emails to those users in the global address book.  The 
encryption certificate on the card (if available) is used for the authenticated user if he/she sends 
email to his/herself. 
 

1.

 

This feature can be always disabled, always enabled, or the user can be prompted.  The 
prompt that appears depends on the signing setting.   
 
 

 

Always Disabled 

 

 

Always Sign 

 

 

Prompt User 

 
 

2.

 

When the email is both signed and encrypted, it can be signed once or twice. When 
signed twice, the email is signed, encrypted, and then the resulting message is signed 
again.  Choosing the double-signing methods reduces the maximum allowed email size to 
approximately 15MB.  Which method should be used? 
 
 

 

Sign and Encrypt 

 

 

Sign and Encrypt and Sign Again 

 

3.

 

The LDAP configuration designated for the Address Book Lookup in section 5.5 is used 
for searching for the encryption certificates.  A primary and alternate LDAP attribute can 
be specified for the location of the user’s certificates.  The defaults are 
“userSMIMECertificate” and “userCertificate”, respectively.  If different attributes 
should be used, specify below. 
 
 

Primary LDAP Attribute: _____________________________________________ 

 
 Alterrnate 

LDAP 

Attribute: ___________________________________________ 

 
The primary attribute is searched first; if no valid encryption certificate is found, the 
alternate attribute is searched.  If no valid certificate is found, an error message is 
displayed and the email is cancelled. 

 

5.6.3 Results 

The following table details the results based on the email signing and encryptions specified 
above. 
 
 
 

Summary of Contents for X782E

Page 1: ...PKI Enabled MFP Pre Installation Guide Version 2 0 0 www lexmark com ...

Page 2: ...use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you Kingdom and Eire call 44 0 8704 440 044 In other countries contact your point of purchase References in this publication to products programs or services do not imply that the manufacturer intends to make these available in all countries in which it operates Any reference ...

Page 3: ...Login Type 9 3 1 5 Display MFP Info 9 3 1 6 Display Printer Status 10 3 2 User Authentication 10 3 2 1 PIN Only 10 3 2 2 Active Directory 10 3 2 2 1 SmartCard Configuration 11 3 2 2 1 1 Response Validation 11 3 2 2 1 2 User Lookup 13 3 2 2 2 Manual Login Configuration 14 3 3 User Authorization 14 3 4 Logout Behavior 15 3 4 1 Auto Logout 15 3 4 2 Card Removal 16 4 PKI AD Standard Applications Confi...

Page 4: ...Settings 26 6 2 Fileshare Settings 26 6 3 Fileshare Examples 28 7 Finding Configuration Information 30 7 1 Kerberos Realm 30 7 2 Domain Controller 30 7 3 Kerberos Configuration File 31 7 4 LDAP Directory Information 33 7 5 Domain Controller Certificates 33 8 Custom LDAP Configurations 34 8 1 LDAP Configuration 1 35 8 2 LDAP Configuration 2 36 8 3 LDAP Configuration 3 37 ...

Page 5: ... applications to function It provides the login screen and authentication mechanism It also supports the user authorization support for device and or individual device functions PKI AD Standard Applications Provides user authorization support for the standard Copy Fax and FTP functions on the device PKI AD Email Provides user authorization support and enhanced email functionality this includes gre...

Page 6: ...nd EDI PI The UPN provides a standard identifier used throughout the organization The standard format for the UPN is principal name common domain name For a military CAC card the UPN would be something like 12345678 mil The mil is the DoD s common domain name The 12345678 is the EDI PI The EDI PI can be used as an identifier independently when separated from the mil domain o Email Address The user...

Page 7: ...ation OCSP Validation 88 Kerberos Active Directory Authentication 389 LDAP non SSL Email Address Home Directory LDAP Lookup 445 Windows File Sharing Scan To Network 636 LDAP SSL Email Address Home Directory LDAP Lookup 1 5 Key Contacts Before proceeding it may be helpful to identify the appropriate people that can be contacted for assistance in filling this document out and or assisting during the...

Page 8: ...is needed 1 The IP Address for the MFP needs to be assigned 2 The IP Address of the Gateway _______ _______ _______ _______ 3 The Netmask _______ _______ _______ _______ If the device has not or will not be connected to the network prior to the PKI installation please make sure the appropriate people are available to assist in getting the device active on the network 2 2 DNS and WINS Servers In or...

Page 9: ... The printer will be assigned to a domain once it is on the network What domain should it be assigned to Printer Domain Name ______________________________________________ 2 What domain is the Domain Controller assigned to Same as Printer Domain Name Different Domain _______________________________________________ 3 What domain is the LDAP Server assigned to Same as Printer Domain Name Same as Dom...

Page 10: ...SL is required to communicate with the server then the LDAP Server s SSL certificate will need to be installed on the device SSL is not required SSL is required Certificate Please have file ready at install time If SSL is used then the fully qualified domain name instead of just the IP Address needs to be used in item 1 4 If using SSL the LDAP Certification Validation method must be selected If no...

Page 11: ...Search Timeout _________ seconds 7 Maximum Search Results The maximum number of search results to be displayed to the user Valid values are 5 to 500 results The default value of 100 is recommended Maximum Search Results ___________ 8 Access rights needed to access the LDAP directory The device supports anonymous binding the authenticated user s credentials or a service account using a Distinguishe...

Page 12: ... before making copies check No below Yes No 3 1 2 Fax If Fax is enabled on the MFP the PKI Authentication application can allow faxes to be sent without logging onto the device If the user is allowed to send faxes without logging on to the device check Yes below If the user must log on to the device before sending faxes check No below Yes No 3 1 3 Login Text and Graphic The login screen for the us...

Page 13: ...s mode smart cards are not supported and the smart card reader is not attached to the MFP Card or Manual Login The user can insert his her card or username and password to gain access to all device functions Check the box below to indicate the desired logon method Card Only Manual Login Only Card or Manual Login 3 1 5 Display MFP Info The MFP can be configured to display various info in the upper ...

Page 14: ...ated the user is granted access to the device Check the box below to indicate the desired logon method PIN Only Active Directory 3 2 1 PIN Only No additional configuration information is needed for the PIN Only logon method Using this mode manual login is not supported and user s certificate is not verified The PKI Email application is the only other PKI application that can be used 3 2 2 Active D...

Page 15: ... Server This can allow for greater flexibility in case multiple KDCs are specified so that the LDAP server does not have to be set to only one of them Do you want to set the default LDAP Server to be the KDC used for user authentication Yes No 3 2 2 1 SmartCard Configuration If SmartCard login is allowed the PKI Authentication application needs to validate the response from the Domain Controller I...

Page 16: ... mode If that succeeds it then uses an OCSP Responder Repeater such as Tumbleweed to validate that none of the certificates in the certificate chain have been revoked or otherwise marked as invalid If that succeeds for each certificate in the chain the logon proceeds otherwise it fails The configuration information needed varies according to the Domain Controller Validation method selected Check t...

Page 17: ...connection response is not received in that time the next OCSP Responder Repeater will be tried The default is 10 seconds Timeout ______ seconds 4 Certificate used by the OCSP Responder Repeater to sign its response This is used to validate that the response from the OCSP Responder Repeater is from a trusted source Certificate Please have file ready at install time 3 2 2 1 2 User Lookup In order t...

Page 18: ...________ 2 In order to lookup information about the user the LDAP Attribute that corresponds to the user s id is needed This attribute is typically named samaccountname Manual Login Search Attribute _______________________________________ 3 If the username or password can contain non US English characters the code page used to process those characters must be set The code page already configured o...

Page 19: ...on 2 as specified in section 8 2 LDAP Configuration 3 as specified in section 8 3 3 If User Authorization is enabled it can be used to restrict access to the device as a whole or just to individual functions For device access select the appropriate authorization setting All Users Can Use the Device no restrictions Only Users in the Groups specified in item 4 can use the device All Users Except tho...

Page 20: ...ld happen Cancel Job and Return to Login Screen When the card is removed the current job is cancelled and the MFP returns to the locked out state Complete Job and Return to Login Screen When the card is removed the current job is completed and then the MFP returns to the locked out state Complete Job and Return to Options Screen When a copy is being made and the card is removed the current job is ...

Page 21: ...3 1 1 for more information 1 If User Authorization is enabled it can be used to restrict access to the Copy function For copy access select the appropriate authorization setting All Users Can Make Copies no restrictions Only Users in the Groups specified in item 2 can use make copies All Users Except those in the Groups specified in item 2 can make copies 2 If User Authorization is enabled and the...

Page 22: ...______________________________________________________________________ 4 3 FTP FTP access can be left open for all authenticated users or it can be restricted to certain Active Directory groups 1 If User Authorization is enabled it can be used to restrict access to the FTP function For FTP access select the appropriate authorization setting All Users Can Use FTP no restrictions Only Users in the G...

Page 23: ...strict access to the Email function For email access select the appropriate authorization setting All Users Can Send Emails no restrictions Only Users in the Groups specified in item 2 can send emails All Users Except those in the Groups specified in item 2 can send emails 2 If User Authorization is enabled and the device access setting in item 1 requires groups to be included or excluded list the...

Page 24: ...______________________________________ 4 All emails sent from the device will have a default message that can be changed if allowed by the user A suggested default is Please see the attached document Default Email Message ______________________________________________ __________________________________________________________________ ________________________________________________________________...

Page 25: ...ion on page 2 This address is used as the user s email address LDAP Lookup The email address of the user can be queried from one of the specified LDAP Configurations Check the box below to indicate the desired email address method If Manual Login is allowed LDAP Lookup should be used for all email addresses since not all users will login with a SmartCard Card Email Address LDAP Lookup 5 4 1 Card E...

Page 26: ... the user is given no option to add or otherwise modify the destinations Select to whom the user can send email User can only send email to self User can send email to self and or others 2 The application can be configured to allow the user to send email to only certain domains List the domains if any below that email destinations should be limited to No wildcards can used list the full domain for...

Page 27: ...email is taken from the signing certificate available on the card 1 This feature can be always disabled always enabled or the user can be prompted The prompt that appears depends on the encryption setting Always Disabled Always Sign Prompt User 2 When the email is only signed not encrypted it can be signed so that the receiver of the email can read it even if his her email client does not support ...

Page 28: ...educes the maximum allowed email size to approximately 15MB Which method should be used Sign and Encrypt Sign and Encrypt and Sign Again 3 The LDAP configuration designated for the Address Book Lookup in section 5 5 is used for searching for the encryption certificates A primary and alternate LDAP attribute can be specified for the location of the user s certificates The defaults are userSMIMECert...

Page 29: ...sponse Always Sign Prompt User User is prompted with Sign the Email Sign and Encrypt the Email Email is sent signed encryption is based on user s response Prompt User Always Encrypt User is prompted with Encrypt the Email Sign and Encrypt the Email Email is sent encrypted signing is based on user s response Prompt User Prompt User User is prompted with Do Not Sign or Encrypt the Email Sign the Ema...

Page 30: ...an be given to individual fileshares For general Scan To Network access select the appropriate authorization setting All Users Can Send Emails no restrictions Only Users in the Groups specified in item 3 can scan to network All Users Except those in the Groups specified in item 3 can scan to network 3 If User Authorization is enabled and the device access setting in item 1 requires groups to be in...

Page 31: ...____________ 3 Display Name If the user has access to more than one fileshare all the possible choices are displayed in a list What name should be given to the fileshare File Share Display Name ____________________________________________ 4 UNC Path Each fileshare needs the UNC Path that corresponds to it If looking up data from LDAP to create the UNC Path use a u no quotes in the path to represen...

Page 32: ...append the timestamp to the file Yes append the timestamp No do not append the timestamp 9 Remove For some fileshares a dollar sign may be included in a subfolder name but must be removed in order to write to the fileshare Should the dollar sign be removed Yes No 10 Create Directory If the directory specified does not exist the scan to fileshare will fail The application can be configured so that ...

Page 33: ...server deptshares depta Replacement Value Not Used Replacement Lookup Not Used Replacement Attribute Not Used 3 Fileshare based on User s Windows ID Display Name S Drive UNC Path fileserver u Replacement Value LDAP Lookup Replacement Lookup LDAP MFP Default User s Credentials Replacement Attribute samaccountname ...

Page 34: ...ServiceName krbtgt TargetName krbtgt FullServiceName steve DomainName SMARTCARD BP LEXMARK COM TargetDomainName SMARTCARD BP LEXMARK COM AltTargetDomainName SMARTCARD BP LEXMARK COM TicketFlags 0x40e00000 KeyExpirationTime 0 38 4 0 00 10776 StartTime 1 31 2007 8 41 47 EndTime 1 31 2007 18 41 47 RenewUntil 2 7 2007 8 41 47 TimeSkew 2 7 2007 8 41 47 The Kerberos Realm is listed as the DomainName Thi...

Page 35: ... Select one from the list and use that value as the first domain controller listed in section 3 2 2 item 1 7 3 Kerberos Configuration File When User Validation Mode is set to Active Directory Kerberos must be configured on the MFP The PKI Authentication Application allows for configuring the basic Kerberos settings without downloading a file to the MFP For most environments the basic settings will...

Page 36: ...ess or fully qualified domain name More than one KDC can be listed If the first KDC cannot be contacted then the next KDC is contacted This process repeats until all KDCs are contacted Note that if multiple KDCs are used certificate chains will need to be present in the MFP for all KDCs kdc tcp _ip_address_or_name_of_domain_controller_ default_domain _same_as_kdc_ pkinit_require_eku false pkinit_r...

Page 37: ... 7 5 Domain Controller Certificates The local administrator should know how to obtain the certificates for the domain controller they can typically be downloaded from an internal website If this is not available the certificates can also be located in the Windows workstation s certificate cache which can be examined using Internet Explorer In Internet Explorer version 6 or 7 the cache can be acces...

Page 38: ...ed on the device If the default LDAP configuration can be used for all lookups this section can skipped However if a custom LDAP configuration was specified as being needed for the user s email address lookup or the user s home directory lookup then complete the following LDAP configuration information Please refer to section 2 5 Default LDAP Configuration if more information is needed on any of t...

Page 39: ...used for the lookup User Principal Name 12345678 mil RFC822 Name joe smith branch us mil Subject Name CN SMITH JOE 12345678 OU Contractor OU PKI OU DoD O U S Government C US EDIPI 12345678 7 LDAP attribute representing the data read from the card ___________________________________________ 8 Search Base Typically something like ou installation dc branch dc mil _____________________________________...

Page 40: ...used for the lookup User Principal Name 12345678 mil RFC822 Name joe smith branch us mil Subject Name CN SMITH JOE 12345678 OU Contractor OU PKI OU DoD O U S Government C US EDIPI 12345678 7 LDAP attribute representing the data read from the card ___________________________________________ 8 Search Base Typically something like ou installation dc branch dc mil _____________________________________...

Page 41: ...used for the lookup User Principal Name 12345678 mil RFC822 Name joe smith branch us mil Subject Name CN SMITH JOE 12345678 OU Contractor OU PKI OU DoD O U S Government C US EDIPI 12345678 7 LDAP attribute representing the data read from the card ___________________________________________ 8 Search Base Typically something like ou installation dc branch dc mil _____________________________________...

Page 42: ...xmark with diamond design are trademarks of Lexmark International Inc registered in the United States and or other countries 2007 Lexmark International Inc 740 West New Circle Road Lexington KY 40550 www lexmark com ...

Reviews:

No comments

Related manuals for X782E

Canon ImageCLASS MF4570dw Basic Operation Manual preview
ImageCLASS MF4570dw
Brand: Canon Pages: 164
Canon imagePRESS C800 Series Service Manual preview
imagePRESS C800 Series
Brand: Canon Pages: 132
Canon ImageCLASS MF5730 Technical Information preview
ImageCLASS MF5730
Brand: Canon Pages: 2
NCR 7156 Operating And Troubleshooting Manual preview
7156
Brand: NCR Pages: 36
NCR 7156 Service Manual preview
7156
Brand: NCR Pages: 206
NCR 7156 Owner'S Manual preview
7156
Brand: NCR Pages: 138
DNP ID400 DC3 Installation Manual preview
ID400 DC3
Brand: DNP Pages: 2
Garment Printer Ink V16 Automatic Shaker Unit Installation, Operation & Maintenance Manual preview
V16 Automatic Shaker Unit
Brand: Garment Printer Ink Pages: 21
Xerox Phaser 8400 Service Manual preview
Phaser 8400
Brand: Xerox Pages: 29
Xerox WorkCentre 7830 Specification preview
WorkCentre 7830
Brand: Xerox Pages: 12
Oce cm5520 User Manual preview
cm5520
Brand: Oce Pages: 366
Ricoh SP 213Nw Setup Manual preview
SP 213Nw
Brand: Ricoh Pages: 23
Canon MP21D III Instructions Manual preview
MP21D III
Brand: Canon Pages: 11
Canon MAXIFY GX3070 Installing preview
MAXIFY GX3070
Brand: Canon Pages: 13
Canon Pixma iP1200 Quick Start Manual preview
Pixma iP1200
Brand: Canon Pages: 20
Canon imageRUNNER 717iFZ Getting Started preview
imageRUNNER 717iFZ
Brand: Canon Pages: 12
Canon TR7022a Getting Started preview
TR7022a
Brand: Canon Pages: 16
Canon imageRunner Advance 715iZF III Getting Started preview
imageRunner Advance 715iZF III
Brand: Canon Pages: 12

Brands by name

Popular brands

Load more brands