PKI-Enabled MFP
Contents
1. 3 The file will take a few minutes to upload and for the MFP to be updated Wait for the update to complete and then refresh the web page NOTE The MFP should not be powered off while the update is in progress 2 2 Smartcard Driver After the firmware has been updated the Smartcard Driver compatible with the type of cards being used must be installed 1 Bring up the MFP s web page and click Configuration and then click Embedded Solutions Version 2 0 0 Page 3 Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc http 157 184 82 214 42 gt lt cooge Ready Lexmark X646e Lexmark fo r Location gt Refresh ener ees General Settings Configuration Copy Settings Fax Settings E mail FTP Settings Scan to USB Settings Print Settings Paper Menu Set Date and Time Network Ports Email Alert Setup Security Manage Shortcuts Update Firmware Import Export Embedded Solutions 2 One Embedded Solution PKI Active Directory Application is automatically installed when the PKI AD firmware is installed Click the Install button Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc E http 157 184 27 106 5 xi Google A deb y Page GQ Tools p Lexmark X646e IP Address 157 184 27 106 Location Installed Solutions License Configuratio2. Signing Method Section 5 6 1 Item 2 Signing Algorithm SHA 1 only algorithm currently supported Non Repudiation Required for Section 5 6 1 Item 3 Signing Version 2 0 0 Page 37 7 Configuring PKI AD Scan to Network This application is only used 1f Scan to Network is enabled You can skip this section if this application has not been installed 1 Click Configuration and then click Embedded Solutions Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc GO E htep 157 184 27 106 we ge Lexmark x a e p dh v l Page Of Tools Ready Lexmark X646e IP Address 157 184 27 106 LEXMARK fates Refresh Contact Configuration Device Status Default Settings Other Settings Scan Profile 2 General Settings Configuration Copy Settings Fax Settings Reports E mail FTP Settings Scan to USB Settings Print Settings Paper Menu Embedded Solutions Ga Set Date and Time Network Ports Email Alert Setup Security Manage Shortcuts Update Firmware Import Export Local intranet E 100 Version 2 0 0 Page 38 2 Select the PKI AD Scan To Network solution by clicking its name Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc Go E http 1157 184 27 106 f s x lt coge e w amp Lexmark 6460 M D gt Eae gt Gtoos Ready Lexmark X646e LEXMARK Locat
3. Page 32 3 Click the Configure Tab Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc BAE G y y le http 157 184 27 106 Bi we R Lexmark x646e deb i Page Q Tools Ready Lexmark X646e IP Address 157 184 27 106 LEXMARK Location 4 Ta Refresh Contact Solutions System Network License Device sees i PKI AD Standard Apps Scan Profile Inforr 1 Configure License Configuration Reports Description Provides User AuthoriMtion Capabilities for Copy Fax and FTP for PKI AD Users Version 2 0 0 Vendor name Lexmark International Inc Vendor email kxksolv lexmark com Vendor web site www lexmark com Vendor phone US Canada 1 888 LXKSOLV option 4 Other Consult your local sales rep http 157 184 27 106 cgi bin direct prtappauth admin configureshellservlet u Local intranet 100 4 The following table lists each setting and the corresponding Pre Installation Section Item that contains the value needed for that field Setting Corresponding Pre Installation Guide Section Item Copy Authorization Section 4 1 Item 1 Copy Authorization List Section 4 1 Item 2 Version 2 0 0 Page 33 6 Configuring PKI AD Email This application is only used 1f Scan to Email is enabled You can skip this section if this application has not been installed 1 GO y 6 htep 1157 184 27 106 Click Configuration and then click Embedde
4. section 3 1 Be sure the time zone and daylight savings time settings are correct Cause The PKI AD Authentication solution is configured to use the MFP Kerberos setup but no Kerberos file was uploaded Resolution See section 4 1 If the Kerberos settings are provided in the PKI AD Authentication are provided in the settings uncheck the Use MFP Kerberos Setup checkbox and click apply Resolution If a Kerberos file really needs to be used click Configuration Security Kerberos Setup Browse to the Kerberos file and click submit A reboot will be required Cause No certificate has been installed on the MFP Resolution See section 3 6 If you install the wrong certificate the error message on the device will provide the name of the certificate needed Cause The certificate specified in the error message is needed to validate the domain controller Resolution See the PKI Pre Installation Guide for information on obtaining the certificate See section 3 6 for information on installing the certificate Cause The hostname or IP address of the KDC is not correct Resolution Verify the hostname or IP address and check against the value in the PKI AD Authentication solution or Kerberos file Cause The KDC is not currently available Resolution Multiple KDCs can be specified in the PKI AD Authentication solution or Kerberos file this will typically resolve this issue Cause Port 88 is blocked by a firewall
5. shrinkwrap license or electronic license terms at the time of download Use of the Freeware by you shall be governed entirely by the terms and conditions of such license 4 TRANSFER You may transfer the Software Program to another end user Any transfer must include all software components media printed materials and this License Agreement and you may not retain copies of the Software Program or components thereof The transfer may not be an indirect transfer such as a consignment Prior to the transfer the end user receiving the transferred Software Program must agree to all these License Agreement terms Upon transfer of the Software Program your license is automatically terminated You may not rent sublicense or assign the Software Program except to the extent provided in this License Agreement 5 UPGRADES To Use a Software Program identified as an upgrade you must first be licensed to the original Software Program identified by Lexmark as eligible for the upgrade After upgrading you may no longer use the original Software Program that formed the basis for your upgrade eligibility 6 LIMITATION ON REVERSE ENGINEERING You may not alter reverse engineer reverse assemble reverse compile or otherwise translate the Software Program except as and to the extent expressly permitted to do so by applicable law for the purposes of interoperability error Version 2 0 0 Page 11 PKI Installation and Configuration Guide correction and se
6. Daylight Savings to Yes Set Time Server to None Leave Time Server Name blank Set DST Mode to Automatic Set Daylight Savings to Yes Set Time Server to IP Set Time Server Name 3 Click Submit 3 2 TCP IP Settings While not explicitly part of the PKI Application Setup it is a good idea to verify all necessary TCP IP Settings are configured Version 2 0 0 Page 10 1 Click Configuration and then click Network Ports Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc AE GO PEt 157 184 27 106 9 x Google ej k de Lexmark sase M D er Bage G Toos gt Ready Lexmark X646e IP Address 157 184 27 106 LEXM Location TIS Lab Refresh Contact Nick Barker O EN Default Settings Other Settings oi General Settings Network Ports lt Configuration Copy Settings Email Alert Setup Fax Settings Security E mail FTP Settings Manage Shortcuts Scan to USB Settings Update Firmware Print Settings Import Export Paper Menu Embedded Solutions Set Date and Time Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc http 157 184 27 106 ve de Lexmark zesse r lt coat a D a Dee Gm Roady Lexmark X646e IP Address 157 184 27 106 Refresh Location TIS Lab Contact Nick Barker Configuration Network Ports TCP IP N IPE Configuration IPSec 8021x Authent
7. Install a New Certificate Authority Certificate Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc E http 1157 184 27 106 s x Google e z A 0 6 ee Ts Ready Lexmark X646e LEXMARK Location 4 Refresh Contact Configuration Certificate Management Certificate Status Confi The current device certificate was created and signed by the device This is intended for temporary use only and should be updated and signed by a onfiguration valid certificate authority Certificate View The Certificate Information Download The Current Certificate Certificate Signing Request View The Certificate Signing Request Information Download The Certificate Signing Request Certificate Authority Certificate View The Certificate Information Download The Certificate Authority Certificate Configuration Install A New Certificate Generate A New Private Key Note This will update the certificate request and install a self signed certificate Update The Certificate Signing Request Note This will update the self signed certificate as well Install A New Certificate Authority Certificate GE Uploaded Certificates Must Be In PEM Format E http 1157 184 27 106 a x Google We de Glexmarkxes6e ft gt Bl aby e age Geto y Ready Lexmark X646e LEXM ARK IP Address 157 184 27 106 Location 4 sz Diii Contact Device Staus Ce
8. be kept and used with the new firmware 1 Bring up the MFP s web page and click Configuration and then click Update Firmware Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc OO e moins We Be lexmark x646e Ready Lexmark X646e IP Address 157 184 82 214 LEXMARK Location Refresh Contact Configuration Device Status Default Settings Other Settings Scan Profile General Settings Network Ports Email Alert Setup Security Manage Shortcuts Configuration Copy Settings Fax Settings Reports E mail FTP Settings Scan to USB Settings Update Firmware a Print Settings Import Export Paper Menu Embedded Solutions Set Date and Time E 100 Version 2 0 0 Page 2 2 Browse to the location of the firmware file Click Submit See the table below for filename that corresponds to your MFP model Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc Go le http 157 184 82 214 we ke Lexmark X646e Ready Lexmark X646e IP Address 157 184 82 214 LEXMARK Location Refresh Contact Update Firmware Device Status Fig le C cacad LC2_MC_P254R Scan Profile Configuration Reports Links amp Index Applications 2 Local intranet X644 and X646 LC2_MC_P254PAh1_full fis X85x LC2_BE_P248PAh1_full fls X782 LC2_TO_PO77PAh1_full fls X94x LC_BR_PO6SPAhI_full fls T64x X4600 LC2_TI_P249PAh1_full fls
9. http 157 184 27 106 Y ke Lexmark xssse em Ed sooo Ready Lexmark X646e IP Address 157 184 27 106 LEXMARK Location Refresh Contact _ Solutions System Network License _ a PKI AD Authentication Configure LDAP Configuration License Provides PKI authentication against Active Mectory to enable access to the MFP Version 2 0 0 Vendor name Lexmark International Inc Vendor email Ixksov lexmark com Vendor web site www lexmark com Vendor phone US Canada 1 888 LXKSOLV option 4 Other Consult your local sales rep Version 2 0 0 Page 26 4 2 1 Adding a New Configuration 1 Click New to create a new LDAP Configuration Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc 4 x Google E http 157 184 27 106 we k lexmark x646e Ready Lexmark X646e IP Address 157 184 27 106 4 Refresh Contact a PKI AD Authentication Information Configure LDAP Configuration License Configuration Version 2 0 0 Page 27 2 The LDAP Configuration page is displayed Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc G http 11157 184 27 106 w de E Lexmark x646e Lexmark X646e IP Address 157 184 27 106 LEXMARK Refresh Location Contact Ready Soluti
10. or writing to the File Share Version 2 0 0 access to any of the defined fileshares the authorization list for the fileshare needs to be expanded to include an Active Directory group that includes this user Cause The LDAP lookup failed Resolution See section 8 2 above Cause The LDAP lookup succeeded but the attribute chosen for the replacement value does not exist or has no value Resolution See section 7 2 2 for editing an existing fileshare Cause The UNC Path option for the Fileshare was not defined Resolution See section 7 2 2 for editing an existing fileshare Cause After the file is scanned the number of bytes scanned is compared to size of the file written and they are not the same Resolution This typically means the fileshare is full or the user has reached their disk quota Check the free space disk quota on the fileshare Cause After the file is scanned the number of bytes scanned is compared to the size of the file written to insure no error occurred The user does not have read access to the fileshare so the file size cannot be determined Resolution The user needs to be given read access to the fileshare Cause An invalid character was included as part of the filename provided by the user Resolution The user cannot include the following characters in the filename lt gt 3 or A Cause The UNC Path used the IP address of the file server Resolution In orde
11. provided by Lexmark International Inc Go http 157 184 27 106 48 x Gooale e we amp Lexmark xesse A D eee Eae gt Gtoos Ready Lexmark X646e 4 Refresh Contact Device Sas Uninstall Start PY Stop Installed Solutions License Configuration 7 CAC Smartcard Support 0 None Required PKI Active Directory E A Application oe None Required Note The Name and Version of the Smartcard Driver Application displayed here may differ from what is displayed on your MFP 2 3 PKI Applications Once the firmware and Smartcard Driver have been installed the application files can then be installed 1 Continuing from the previous install step for the Smartcard Driver click Install Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc Go E http 157 184 27 106 f s gt lt Gooale we k Lexmark xesse a db y Page Gp Tools zi Ready Lexmark X646e ee Leena ae 4 ne Location Contact Installed Solutions License Configuration CAC Smartcard Support 0 i None Required PKI Active Directory E R Application Ga None Required Version 2 0 0 Page 6 2 Browse to the PKI Authentication Application solution file pkiad 2_0_0 fls and click Start Install Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc f
12. 106 49 x Google We de Lexmarkx64se Ready LEXMARK Refresh M D MEL gt 1d Lexmark X646e IP Address 157 184 27 106 Location Contact Configuration Network Ports TCP IP IPv6 IPSec 802 1x Authentication Certificate Management SNMP E mail Server Setup q Address Book Setup Standard Network Standard USB NetWare AppleTalk LexLink TCP IP Port Access Custom Link Setup Reset Print Server Version 2 0 0 Page 13 rae all 3 The Email Server Setup screen is displayed ection 5 Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc E X A http 157 184 27 106 ESA mx Pr ae Lexmark x646e B Am li Page Of Tools Ready Lexmark X646e IP Address 157 184 27 106 LEXMARK Location 4 A Refresh Contact HA Configuration Device Status KO E mail Server Setup Scan Profile Primary SMTP Gateway mail lexmark com Primary SMTP Gateway Port 25 lt q Port Number 25 Range 1 65534 Configuration HU 5 ____________ Secondary SMTP Gateway Reports Secondary SMTP Gateway Port 25 lt q Port Number 25 Range 1 65536 SMTP Timeout 130 Range 5 30 seconds Authentication SMTP Server y Fax Forwarding always uses Authentication Device Userid and password Device Userid Device password Reply Address Required Scanned Document Subject Limit 255 characters Ple
13. 6 we ae Lexmark x646e SEE P X d ii Page Cf Tools Ready LEXMARK Refresh Lexmark X646e IP Address 157 184 27 106 Location Contact Solutions System Network License Device Status Scan Profile Configuration PKIAD Email Configure License Reports Description Links amp Index Version Applications Vendor name Vendor email Vendor web site Vendor phone Provides Email Interf for PKVAD Users 2 0 0 Lexmark International Inc kxksolv lexmark com www lexmark com US Canada 1 888 LXKSOLV option 4 Other Consult your local sales rep Lo Local intranet 4 The following table lists each setting and the corresponding Pre Installation Section Item that contains the value needed for that field User Can Change Subject Section 5 3 Item 1 User Can Change Message Section 5 3 Item 2 User Can Send Multiple Emails Section 5 3 Item 4 User Can Change Scan Options Section 5 3 Item 3 From Address LDAP From Email Address Device Password Section 5 2 Item 2 Only used if Authentication set to Device If Card Email Address is chosen this option is not used otherwise see Section 5 4 2 Item Z Version 2 0 0 Device Userid Section 5 2 Item 2 Only used if Authentication set to Device Page 36 Sign Email Section 5 6 1 Item 1 Encrypt Email Section 5 6 2 Item 1 Require Email to be Signed or Section 5 6 3 after table Encrypted
14. LEXMARK PKI Enabled MFP Installation and Configuration Guide Version 2 0 0 www lexmark com PKI Installation and Configuration Guide Edition June 2008 The following paragraph does not apply to any country where such provisions are inconsistent with local law LEXMARK INTERNATIONAL INC PROVIDES THIS PUBLICATION AS IS WITHOUT WARRANTY OF ANY KIND EITHER EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE Some states do not allow disclaimer of express or implied warranties in certain transactions therefore this statement may not apply to you This publication could include technical inaccuracies or typographical errors Changes are periodically made to the information herein these changes will be incorporated in later editions Improvements or changes in the products or the programs described may be made at any time Comments about this publication may be addressed to Lexmark International Inc Department F95 032 2 740 West New Circle Road Lexington Kentucky 40550 U S A In the United Kingdom and Eire send to Lexmark International Ltd Marketing and Services Department Westhorpe House Westhorpe Marlow Bucks SL7 3RQ Lexmark may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you Kingdom and Eire call 44 0 8704 440 044 In other countries contact your point of purch
15. MFP to communicate with the SMTP Server 8 4 Scan To Network Issues Error Message Symptom Possible Cause Resolution You are not authorized to use this Cause User authorization is enabled for Scan To feature Network and the user is not in an Active Directory group that is authorized to use this function Resolution This is not an error if this user needs access to Scan to Network the authorization list needs to be expanded to include an Active Directory group that includes this user This feature is not available because no Cause The PKI AD Scan to Network solution has fileshares have been configured by the been installed but no Fileshare destinations have system administrator been defined Resolution See section 7 2 1 for adding fileshares This feature is not available because Cause All fileshares that have been defined have you are not authorized to scan to any of user authorization enabled and this user is not in the available file shares Active Directory group that is authorized for any of the defined shares Resolution This is not an error if this user needs Version 2 0 0 Page 51 An LDAP error occurred trying to retrieve the selected file share destination No UNC Path has been defined for this destination The scanned file size and saved file size do not match User does not have read access to the file share unable to verify the file size Invalid filename specified An error occurred connecting
16. RINTER US ASCII alphanumeric characters and hyphen only mark com Set static IP address If DHCP or BOOTP is not on the network if DHCP or BOOTP is not on the network Comma delimited list Example my business com server mine com Comma delimited list of up to 10 IP Addresses who are allowed to make TCP connections Example v OO O Local intranet Rio 4 If using a Static IP Address also check the WINS and DNS Server Address and make sure there is a valid value specified for each If a backup DNS Server is available set that value as well 5 Ifany changes were made click Submit to apply the new values 3 3 Email Server Setup If Scan to Email is to be allowed on this device the Email Server settings must be configured otherwise this section can be skipped Version 2 0 0 Page 12 49 x Google 122 Ready LEXMARK Refresh Configuration Default Settings General Settings Copy Settings Fax Settings E mail FTP Settings Scan to USB Settings Print Settings Paper Menu Set Date and Time 2 Click Email Server Setup gt Gah Eheee reos gt Lexmark X646e IP Address 157 184 27 106 Location Contact Other Settings Network Ports aa Email Alert Setup Security Manage Shortcuts Update Firmware Import Export Embedded Solutions Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc E http J157 184 27
17. Resolution This is the Kerberos Port and is used by the MFP to communicate with the KDC The port must be opened between the MFP and KDC in order for authentication to work Cause This error occurs during a manual login and indicates the Windows domain is not specified in the Kerberos Configuration file Resolution If using the PKI AD Authentication solution for the Kerberos settings add the Page 47 Windows domain in lower case to the Kerberos Domain setting For example if the user s domain is x y z set the Kerberos Domain to mil mil x y z Resolution If using a Kerberos Configuration File add a mapping to the domain_realm section the maps from the lower case windows domain to the uppercase realm similar to the existing mapping for the mil domain Realm on the card was not found in the Cause This error occurs during a card login and Kerberos Configuration File indicates the Kerberos Realm referred to does not exist in the Kerberos Configuration File Resolution The PKI AD Authentication solutions Kerberos settings cannot be used to support multiple Kerberos Realms Refer to the PKI Pre Installation Guide for creating a Kerberos Configuration File Resolution A Kerberos Configuration File is already being used the realms section of the configuration file needs to be updated to include the missing realm Client name unknown Cause The KDC being used to authenticate the user
18. To NEWEST ae ee RG eG te 51 Version 2 0 0 Page iv PKI Installation and Configuration Guide Version 2 0 0 Page v 1 Background Information This document assumes you have read and completed the Pre Installation Guide for the Lexmark PKI Enabled MFP If not please consult that guide before continuing with the installation Numerous mentions will be made throughout this document to the information that was gathered using that document Before proceeding with the install make sure the following has taken place 1 The MFP has been unboxed and setup as according to the end user manual 2 The MFP has been assigned an IP Address and is connected to the LAN 3 You can use the web browser to navigate to the MFP s webpage This can be done by entering the MFP s IP Address in the address bar of the web browser Once this has been verified for each MFP that will be PKI enabled you are ready to proceed Version 2 0 0 Page 1 2 Installing the Firmware and Applications The PKI application support comes in three parts e PKI AD Firmware e Smartcard Driver e PKI Applications All three need to be installed in order to activate PKI support The SmartCard Reader cannot be installed on the MFP prior to completing all the steps in this section 2 1 Firmware Update NOTE Installing the PKI AD Firmware will remove any previously installed embedded solutions However any settings that have already been configured for the device itself will
19. VERS 8 DOWNLOADS t a db Ep Page GQ Tools Lexmark X646e IP Address 157 184 27 106 Location Contact a PKI AD Scan To Network Information Configure FileShares License Configuration Version 2 0 0 Page 42 6 gt e le http 157 184 27 106 E We de 88 texmarkxes6e X DRIVERS amp DOWNLOADS L f fab gt Page Of Tools Ready Lexmark X646e IP Address 157 184 27 106 Location Contact Solutions System Network License PKI AD Scan To Network Scan Profile B Information Configure File Shares License Refresh Configuration A File Share All Users Can Use Reports Authorization Only Users in Groups Listed Can Use EE Currently there are no instances All Users Except those in Groups Listed Can Use Links amp Index Authorization List 0 Display Name 0 UNC Path 0 Replacement Value METADATA Email Address EDIPI LDAP Lookup 0 Replacement Lookup MEAN LDAP MFP Default User Credentials LDAP Configuration 1 LDAP Configuration 2 LDAP Configuration 3 LDAP Replacement Attribute Default Filename scanned image Allow User to y 0 Rename File Append Timestamp to f Filename Remove from Fileshare Name Create Directory Apply Status Click Apply to save settings 3 ns Loca
20. a valid digital signature could not be found on your card The email cannot be sent because it cannot be digitally signed when a manual login is performed Email cannot be sent Unable to find valid encryption certificate for email address Unable to send email Version 2 0 0 Cause Using manual login and the From Email Address is configured to come from the card Resolution If manual login is allowed the From Email Address must come from LDAP since a card may not or can not be used Modify the PKI AD Email settings to get the From Address from LDAP Cause The LDAP lookup failed Resolution See section 8 2 above Cause User authorization is enabled for email and the user is not in an Active Directory group that is authorized to use this function Resolution This is not an error if this user needs access to email the authorization list needs to be expanded to include an Active Directory group that includes this user Cause The user is required or chose to digitally sign the email but a certificate valid for signing emails was not found on the card Resolution An email can only be signed if a certificate valid for signing is on the card By default the non repudiation option is required for the signing certificate If your certificates do not have this this can be disabled in the PKI AD Email solution settings Cause Emails can only be digitially signed if the user logs in with a card Resolution Se
21. ain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in thedocumentation and or other materials provided with the distribution THIS SOFTWARE IS PROVIDED BY THE AUTHOR AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE Version 2 0 0 Page 111 PKI Installation and Configuration Guide Table of Contents Lexmark Software License AgreemM nt serseriye iiis gestii ley aeos tage seavale salen sang bas ea rasai Es 11 Other NOUS o A A IA E DAA ED TA A A A 111 l Background Iommi ii 1 2 Installing the Firmware and Applications cescceessecesnceceesceceeececeeaeeceeeeeceseeeecseeeecseeeesaes 2 2 1 Firmware Update vin nie 2 22 Smartcard A o ie I Re le 3 2 3 PKL Applications as 6 3 Con
22. al ecos A gt Do ee Grow gt E http 157 184 27 106 we k Lexmark x646e Lexmark X646e Ready IP Address 157 184 27 106 LE 4 y IARE lt Refresh posano CApki pkiad 2 0 0 fis 4 l x Google R D reo ros E http 157 184 27 106 w k Lexmark x646e Ready Lexmark X646e IP Address 157 184 27 106 LE XI y IARE lt Refresh ir The following solutions were successfully installed PKI AD Authentication Version 2 0 0 Page 7 4 Repeat steps 1 3 to install each of the following PKI applications If a particular function will not be used it does not need to be installed PKI Function Solution File User Authorization for Copy Fax and or FTP pkistdapps 2_0_0 fls pkiemail 2_0_0 fls pkinetworkscan 2_0_0 fls 5 The list of installed solutions should now include all or some of the following Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc DER er j v http 157 184 27 106 192 We de Blexmarkxs46e dh Ey Page G Tools Ready Lexmark X646e IP Address 157 184 27 106 Contact AAA Solutions System Network License Device Status Scan Profile Installed Solutions Version State License Configuration CAC Smartcard Support 2 0 0 Running None Required Reports Minska PKI Active Directory App
23. alidation Mode Section 3 2 2 1 1 OCSP Responder URL Section 3 2 2 1 1 Item 1 The format should be http lt ipaddress gt lt port gt Separate multiple URLs with a comma OCSP Proxy URL Section 3 2 2 1 1 Item 2 The format should be http lt ipaddress gt lt port gt Only one value is allowed OCSP Responder Certificate Section 3 2 2 1 1 Item 4 OCSP Responder Timeout Section 3 2 2 1 1 Item 3 Use MFP Kerberos Setup Section 3 2 2 Item 2 If One Kerberos Realm is selected uncheck this box the next three settings should be filled in Otherwise check this box and the following three settings are not needed Kerberos Realm Section 3 2 2 Item 2 Kerbeos KDC Section 3 2 2 Item 1 ON If there are multiple KDCs enter them all here separated by a comma Manual Login is allowed other values may be needed Version 2 0 0 Page 24 A A A a Manual Login Default Domain Section 3 2 2 2 Item 1 This domain should be added to the Kerberos Domains listed above MFP Default Card Lookup Section 3 2 2 1 2 Item 1 Field Version 2 0 0 Page 25 4 2 Custom LDAP Settings If you have defined a custom LDAP configuration that differs from the MFP s Default LDAP Configuration continue with this section otherwise it can be skipped After selecting PKI AD Authentication from the Embedded Solutions list click the LDAP Configuration tab Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc Go E
24. ase References in this publication to products programs or services do not imply that the manufacturer intends to make these available in all countries in which it operates Any reference to a product program or service is not intended to state or imply that only that product program or service may be used Any functionally equivalent product program or service that does not infringe any existing intellectual property right may be used instead Evaluation and verification of operation in conjunction with other products programs or services except those expressly designated by the manufacturer are the user s responsibility ImageQuick Optra Lexmark and Lexmark with diamond design are trademarks of Lexmark International Inc registered in the United States and or other countries Other trademarks are the property of their respective owners Copyright 2007 2008 Lexmark International Inc All rights reserved UNITED STATES GOVERNMENT RIGHTS This software and any accompanying documentation provided under this agreement are commercial computer software and documentation developed exclusively at private expense Version 2 0 0 Page i PKI Installation and Configuration Guide Lexmark Software License Agreement PLEASE READ CAREFULLY BEFORE INSTALLING AND OR USING THIS SOFTWARE This Software License Agreement License Agreement is a legal agreement between you either an individual or a single entity and Lexmark Internationa
25. ase see the attached document Message Limit 512 characters Send me a copy Never appears x Max E mail Size 0 Mail above this size as measured in KB will not be sent 0 no limit 0 65535 Size Error M Message sent when an e mail is above the configured size limit 1024 characters re essaae y Local intranet A 100 Fill in the Primary SMTP Gateway and Port If available fill in the Secondary SMTP Gateway and Port Provide a default email subject and message The Reply Address is not necessary since it will be set to the logged in user s email address 4 Review any of the other settings and then click Submit 3 4 Address Book Setup The Address Book Setup serves as the default LDAP setup for the MFP Configuring this allows for searching the global address book when sending an email and allows the PKI Applications to lookup information such as the home directory of the logged in user Version 2 0 0 Page 14 49 x Google 122 Ready LEXMARK Refresh Configuration Default Settings General Settings Copy Settings Fax Settings E mail FTP Settings Scan to USB Settings Print Settings Paper Menu Set Date and Time 2 Click Address Book Setup gt Gah Eheee reos gt Lexmark X646e IP Address 157 184 27 106 Location Contact Other Settings Network Ports aa Email Alert Setup Security Manage Shortcuts Update Firmware Import Export Embedde
26. click Embedded Solutions Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc GO http 1157 184 27 106 we ge Lexmark x a e 9 gt lt Pir gt Gl mee Ey Poge gt Gtoos gt Ready Lexmark X646e IP Address 157 184 27 106 LEXMARK fates Refresh Contact Configuration Device Status Default Settings Other Settings Scan Profile 2 General Settings Configuration Copy Settings Fax Settings Reports E mail FTP Settings Scan to USB Settings Print Settings Paper Menu Embedded Solutions Ga Set Date and Time Network Ports Email Alert Setup Security Manage Shortcuts Update Firmware Import Export Local intranet E 100 Version 2 0 0 Page 31 2 Select the PKI AD Standard Apps solution by clicking its name Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc DOr E http 157 184 27 106 ts x Google e Ready Lexmark X646e ARK Hekes Location Version 2 0 0 Contact Solutions A D Lee GTa Install Uninstall Start Stop Installed Solutions License CAC Smartcard Support None Required PKI Active Directory Application None Required PKIAD Authentication None Required PKIAD Email None Required PKIAD Scan To Network None Required PKVAD Standard Apps a 2 0 0 None Required
27. curity testing If you have such statutory rights you will notify Lexmark in writing of any intended reverse engineering reverse assembly or reverse compilation You may not decrypt the Software Program unless necessary for the legitimate Use of the Software Program 7 ADDITIONAL SOFTWARE This License Agreement applies to updates or supplements to the original Software Program provided by Lexmark unless Lexmark provides other terms along with the update or supplement LIMITATION OF REMEDIES To the maximum extent permitted by applicable law the entire liability of Lexmark its suppliers affiliates and resellers and your exclusive remedy shall be as follows Lexmark will provide the express limited warranty described above If Lexmark does not remedy defective media as warranted you may terminate your license and your money will be refunded upon the return of all of your copies of the Software Program Other Notices This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolit See http www openssl org for more information This product includes software developed by Copyright c 2002 Juha YrjAQIAx All rights reserved Copyright c 2001 Markus Friedl Copyright c 2002 Olaf Kirch Copyright c 2003 Kevin Stefanik Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must ret
28. d Solutions Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc es x we k Lexmark 6462 DOS Version 2 0 0 Ready Refresh DD dee gt Grow Lexmark X646e IP Address 157 184 27 106 Location Contact Configuration Default Settings General Settings Copy Settings Fax Settings E mail FTP Settings Scan to USB Settings Print Settings Paper Menu Set Date and Time Other Settings Network Ports Email Alert Setup Security Manage Shortcuts Update Firmware Import Export Embedded Solutions Page 34 2 Select the PKI AD Email solution by clicking its name Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc DOr E http 157 184 27 106 ts x Google e Ready Lexmark X646e IP Address 157 184 27 106 Version 2 0 0 Contact Solutions A D Lee GTa Install Uninstall Start Stop Installed Solutions License CAC Smartcard Support None Required PKI Active Directory Application None Required PKIAD Authentication None Required PKVAD Email A None Required PKIAD Scan To Network None Required PKIWAD Standard Apps None Required Page 35 3 Click the Configure Tab Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc v E http 157 184 27 10
29. d Solutions Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc E http J157 184 27 106 49 x Google We de Lexmarkx64se Ready LEXMARK Refresh M D MEL gt 1d Lexmark X646e IP Address 157 184 27 106 Location Contact Configuration Network Ports TCP IP IPv6 IPSec 802 1x Authentication Certificate Management SNMP E mail Server Setup Address Book Setup a Standard Network Standard USB NetWare AppleTalk LexLink TCP IP Port Access Custom Link Setup Reset Print Server Version 2 0 0 Page 15 o 3 The Address Book Setup page is displayed items 1 7 Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc DER O yy http 1157 184 27 106 Pl Y Re Lexmark X646e 2 em ip Page iG Tools Ready Lexmark X646e LEXM ARK IP Address 157 184 27 106 Refresh Location Contact Configuration Device Status O Address Book Setup Scan Profile Server Address mail Ixbp bp lexmark com Server Port 389 Default 389 Configuration Use SSUTLS Reports LDAP Certificate Verification Allow Use GSSAPI Links amp Index Mail Attribute mail z Fax Number Attribute facsimiletelephonenumber Applications Search Base CN Users DC Ixbp DC bp Search Timeout 30 Range 5 300 seconds Displayed Name Longest of cn or givenName sn Max Sea
30. does not know the User Principal Name 12345678 0 mil specified in the error message Resolution Verify the KDC specified in the Kerberos settings is the correct one to be using Login hangs for a long time at Getting Cause The LDAP lookup is taking a long time to User Info complete Resolution See the LDAP Troubleshooting section below User is almost immediately logged out Cause The Auto Log Out timeout is set too short after logging in Resolution See section 3 5 to configure this setting 8 2 LDAP Issues Error Message Symptom Possible Cause Resolution LDAP lookups at Getting User Info Cause The user s credentials are being used to during login or searching the address connect to the LDAP server but the hostname for book take a long time and then fail the LDAP server was not used Resolution When the user s credentials are used to connect to the LDAP server the hostname of the LDAP server must be used instead of the IP address Check the LDAP configuration Cause Port 389 non SSL or Port 636 SSL is Version 2 0 0 Page 48 LDAP lookups searching address book getting user s email address getting user s home directory fail almost immediately Version 2 0 0 blocked by a firewall Resolution These ports are used by the MFP to communicate with the LDAP Server and must be open in order for LDAP lookups to work Cause Reverse DNS lookup are disabled on the network Resoluti
31. exmark xe46e Ready Lexmark X646e LEXMARK Location 4 Refresh Contact Le General Settings Network Ports Configuration Copy Settings Email Alert Setup Fax Settings Security a E mail FTP Settings Manage Shortcuts Scan to USB Settings Update Firmware Print Settings Import Export Paper Menu Embedded Solutions Set Date and Time 2 Click Certificate Management Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc E http 157 184 27 106 ts x cocate e Ve di lexmark x646e A El ah Pose gt G tools Ready Lexmark X646e LEXM ARK IP Address 157 184 27 106 Location Refresh ci Configuration Security A ntication Method Authentication disabled Y When Authentication disabled is selected Function Access settings requiring User IDs or passwords are ignored gt Range 1 900 seconds This is the delay at the Home screen before an authenticated user Ao Tofoa daly Ea is automatically logged off Scan to PC Port Range 9751 12000 Enter numerical values separated by Function Access Certificate Management aa Confidential Print Setup Password Protect Create Change Password Internal Account Management Kerberos Setup LDAP Authentication Setup TCP IP Port Access IPSec SNMP NTLM Authentication Setup MFP Credentials Version 2 0 0 Page 20 3 Click
32. f CAC Smartcard Support 0 Running None Required PKI Active Directory Application Running None Required PKI AD Authentication UI 0 Running None Required PKIAD Email 0 Running None Required PKIAD Scan To Network 0 Running None Required PKIAD Standard Apps 0 None Required 4 1 General Settings After selecting PKI AD Authentication from the Embedded Solutions list click the Configure tab Version 2 0 0 Page 23 Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc G Dp E http J 157 184 27 106 Ale Y k Lexmark x646e SAN Mm sp Page Of Tools Ready Lexmark X646e IP Address 157 184 27 106 LEXMARK Rahal Location Contact Solutions System Network License PKI AD Authentication Configure LDAP Configuration License Configuration Reports Description Provides PKI i against Active Directory to enable access to the MFP Links amp Index Version 2 0 0 Vendor name Lexmark International Inc Applications Vendor email Ixksolv lexmark com Vendor web site www lexmark com Vendor phone US Canada 1 888 LXKSOLV option 4 Other Consult your local sales rep 9 Internet The following table lists each setting and the corresponding Pre Installation Section Item that contains the value needed for that field Setting Corresponding Pre Installation Guide Section Item User Validation Mode DC V
33. figuring the Basic MFP Settings sseesssessssssessseresseeesseeesseesseesseesseeesseeessresseessesseeesseee 9 3 1 Date ahd TiME ges a ies Stern ed e R es pela eds ei as 9 32 gt TERESA a A A A E saben eee 10 3 3 E A EE E EE E E E A E E 12 3 4 Address BOOK SED aaa ii 14 3 5 Auto Lo Uli a dt riders 18 3 6 Certificate Manara iii 19 4 Configuring PK AD Authentication ssataee a tnrad aaasqas eo ee ieoea Sade ec erase 22 4 1 General Settings resina tii 23 AD Custom LDAP SMS is yeas i ren aa esios ge iS 26 4 2 1 Adding a New Cond A A a a ib 27 4 2 2 Editing an Existing Configuration 0 cee ccceessecesseeceesceceeneeceseeeecseeeceeeeesteeeenaeees 29 4 2 3 Removing an Existing Configuration ccceeeececssececeeececeeeeeceeeeesneeeeseeeenaeeees 30 5 Configuring PKI AD Standard Applications ooonnccconococnnncccnnncnononononononononocnnnnnnonnncnnnnnccnnnos 31 6 a A a teat us aa deauais a A bast aus antbegeas bases 34 7 Configuring PKI AD Scan to Network srscicssanasccsscasctes ilatina iia taa caras 38 7 1 General SEM iii io tidad ds i 39 PD A EEE 41 7 2 1 Adding a New Fileshat ii it Salata al eras 42 L22 Editing an Existing Fileshare unir eii 44 1 2 3 Removing an Existing Fileshare esss iccsdisscies less deneadesatenseasbnassene ated sndecoenadesguagbewecocens 45 Ss Trouble UNS ad Ad 46 8 1 O 46 8 2 EDAP A e re eRe D A Seer A Pe Uren Mm rer nee Eee 48 8 3 scan Lo Email Issues ita ikl ted arn ener 50 8 4 Scan
34. from Lexmark or an Authorized Lexmark Reseller or Distributor Lexmark will replace the Software Program should it be determined that the media does not conform to this limited warranty 2 DISCLAIMER AND LIMITATION OF WARRANTIES EXCEPT AS PROVIDED IN THIS LICENSE AGREEMENT AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW LEXMARK AND ITS SUPPLIERS PROVIDE THE SOFTWARE PROGRAM AS IS AND HEREBY DISCLAIM ALL OTHER WARRANTIES AND CONDITIONS EITHER EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO TITLE NON INFRINGEMENT MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND ABSENCE OF VIRUSES ALL WITH REGARD TO THE SOFTWARE PROGRAM This Agreement is to be read in conjunction with certain statutory provisions as that may be in force from time to time that imply warranties or conditions or impose obligations on Lexmark that cannot be excluded or modified If any such provisions apply then to the extent Lexmark is able Lexmark hereby limits its liability for breach of those provisions to one of the following replacement of the Software Program or reimbursement of the price paid for the Software Program 3 LICENSE GRANT Lexmark grants you the following rights provided you comply with all terms and conditions of this License Agreement a Use You may Use one copy of the Software Program The term Use means storing loading installing executing or displaying the Software Program If Lexmark has licensed the Software Program to you for concu
35. he delay at the Home screen before an authenticated user Configuration Auto Log out delay a lt a logged off Scan to PC Port Range 9751 12000 Enter numerical values separated by Reports Function Access Certificate Management Confidential Print Setup Password Protect Create Change Password Internal Account Management Kerberos Setup LDAP Authentication Setup TCP IP Port Access IPSec SNMP NTLM Authentication Setup MFP Credentials D S etn J Local intranet E 100 3 Click Submit Pre Installation 3 6 Certificate Management Sections 2 5 item 3 Certificates are needed for SSL support in LDAP lookups and for Domain Controller oe 81 verification All certificates needed by the device must be in PEM Base64 format and combined into one file Since the certificates are in PEM format they can easily be cut and paste into a single file such as BEGIN CERTIFICATE MITIE1jJCCA76gAwIBAgIOY6sVOKL3t IhBtlr4gHG85zANBgkqhkiG9wOBAQUFADBs T 13DTbPe0mnIbTq0iWwgqKEaVnelvvaDt52iSpEQyevwgUcHD16rFy sOnCaQ END CERTIFICATE SSS BEGIN CERTIFICATE MIIE1zCCA7 gAwI BAgIQZWAEBZ th L5AKmby 1 9hgSzANBgkqhkiG9w0BAQUFADBn 13DTbPeOmnIbTqo0iWqKEaVnelvvaDt 52iSpEQyevwgUcHD1 6rFy sOnCaQ END CERTIFICATE Version 2 0 0 Page 19 E http 157 184 27 106 x Gooale We di l
36. ication Certificate Management SNMP E mail Server Setup Address Book Setup Standard Network Standard USB NetWare AppleTalk LexLink TCP IP Port Access Custom Link Setup Reset Print Server pe i 3 Check the value in the Domain Name field Set it to the value listed in Pre Installation ect a Section 2 4 Item 1 If there are any other values given in Items 2 to 4 add them to the Domain Search Order multiple domain names should be separated by a comma Version 2 0 0 Page 11 Pre Installation Section 2 2 Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc Go y le http J 157 184 27 106 y x soog Plz k de texmark ease Ready Refresh fh gt BG mb e Pag G Tools ha Lexmark X646e IP Address 157 184 27 106 Location TIS Lab Contact Nick Barker Configuration TCP IP Set Hostname Domain Name Address Netmask Gateway Configuration Enable DHCP Enable RARP Enable BOOTP Enable AutolP Enable FTP TFTP HTTP Server Enabled WINS Server Address DNS Server Address Backup DNS Server Address Domain Search Order Restricted Server List ET000400238D74 dhcp lexmark com 157 184 27 106 255 255 255 0 157 184 27 1 Y v v 157 1184 157 1184 157 1184 1xbp bp lexmark com Example BOBS P
37. ing Pre Installation Section Item that contains the value needed for that field Setting Corresponding Pre Installation Guide Section Item Section 6 1 Item 1 Up Icon To use a different icon contact Lexmark to get a blank button to be used as the base button to be used as the base Version 2 0 0 Page 40 7 2 Fileshare Settings After selecting PKI AD Scan To Network from the Embedded Solutions list click the File Shares tab to define one or more fileshares that users can access At least one fileshare must be defined or the user will see an error that this feature has not yet been configured Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc DOR OO Emounsr s04 27 081 El x Lecca e m Lexmark X646e Ready x 4 DRIVERS amp DOWNLOADS L l A D r Ere A Lexmark X646e IP Address 157 184 27 106 Version 2 0 0 Provides Scan to Network Capability fi Version 2 0 0 Vendor name Lexmark International Inc Vendor email Ixksolv lexmark com Vendor web site www lexmark com Vendor phone US Canada 1 888 LXKSOLV option 4 Other Consult your local sales rep Page 41 7 2 1 Adding a New Fileshare 1 Click New to create a new Fileshare Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc DEX http 157 184 27 106 4 gt x cooate e x q DRI
38. ion 4 Refresh Installed Solutions State License Configuration f CAC Smartcard Support 0 Running None Required PKI Active Directory Application Running None Required PKIAD Authentication 0 Running None Required PKV AD Email 0 Running None Required PKVAD Scan To Network lt Q 2 0 0 Running None Required PKI AD Standard Apps 2 0 0 None Required 7 1 General Settings After selecting PKI AD Scan To Network from the Embedded Solutions list click the Configure tab Version 2 0 0 Page 39 Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc G e le http 157 184 27 106 a k f gt Lexmark x646e X q DRIVERS amp DOWNLOADS L g dh p Page Qi Tools Ready Lexmark X646e LEXM ARK IP Address 157 184 27 106 Location Rakesh Contact Solutions System Network License PKI AD Scan To Network Device Status Scan Profile SS Configure File Shares License Configuration Reports Description Provides Scan to Netwak Capability for PK AD Users Links amp Index Version 2 0 0 Vendor name Lexmark International Inc Applications Vendor email Ixksolv lexmark com Vendor web site www lexmark com Vendor phone US Canada 1 888 LXKSOLV option 4 Other Consult your local sales rep 4 Local intranet R100 The following table lists each setting and the correspond
39. ion and provide the MFP s Distinguished Name and Password The Kerberos settings are not used Click Submit 3 5 Auto Logout 1 Click Configuration and then click Security Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc Go http 157 184 27 106 s x cooale w k Lexmark resse gt Do Sh ey ao G Toos Ready Lexmark X646e IP Address 157 184 27 106 EX M ARK Location 4 r Refresh Contact EA Default Settings Other Settings i General Settings Network Ports Configuration Copy Settings Email Alert Setup Fax Settings Security q E mail FTP Settings Manage Shortcuts Scan to USB Settings Update Firmware Print Settings Import Export Paper Menu Embedded Solutions Set Date and Time Version 2 0 0 Page 18 Pre Installation 2 Set the Auto Log out delay value Section 3 4 1 Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc Ge e http J157 184 27 106 y 6 x cx we amp Lexmark x646e 5 am pPage Of Tools E Ready Lexmark X646e LEXM ARK IP Address 157 184 27 106 4 Refresh Location Contact Configuration Device Status Security Scan Profile Authentication Method Authentication disabled A When Authentication disabled is selected Function Access settings requiring User IDs or et passwords are ignored s r e 1 900 seconds This is t
40. l Inc Lexmark that to the extent your Lexmark product or Software Program is not otherwise subject to a written software license agreement between you and Lexmark or its suppliers governs your use of any Software Program installed on or provided by Lexmark for use in connection with your Lexmark product The term Software Program includes machine readable instructions audio visual content such as images and recordings and associated media printed materials and electronic documentation BY USING AND OR INSTALLING THIS SOFTWARE YOU AGREE TO BE BOUND BY ALL THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT IF YOU DO NOT SO AGREE DO NOT INSTALL COPY DOWNLOAD OR OTHERWISE USE THE SOFTWARE PROGRAM IF YOU DO NOT AGREE WITH THE TERMS OF THIS LICENSE AGREEMENT PROMPTLY RETURN THE PRODUCT UNUSED AND REQUEST A REFUND OF THE AMOUNT YOU PAID IF YOU ARE INSTALLING THIS SOFTWARE PROGRAM FOR USE BY OTHER PARTIES YOU AGREE TO INFORM THE USERS THAT USE OF THE SOFTWARE PROGRAM INDICATES ACCEPTANCE OF THESE TERMS 1 STATEMENT OF LIMITED WARRANTY Lexmark warrants that the media e g diskette or compact disk on which the Software Program if any is furnished is free from defects in materials and workmanship under normal use during the warranty period The warranty period is ninety 90 days and commences on the date the Software Program is delivered to the original end user This limited warranty applies only to Software Program media purchased new
41. l intranet 100 3 Use the following table to configure the settings Replacement Value If the UNC Path does not have a u this setting can be skipped otherwise see Section 6 2 Item 5 setting can be skipped otherwise see Section 6 2 Item 5 setting can be skipped otherwise see Section 6 2 Item 5 Allow User to Rename File Section 6 2 Item 7 Append Timestamp to Filename Section 6 2 Item 8 Version 2 0 0 Page 43 Remove from Fileshare Section 6 2 Item 9 Name Section 6 2 Item 10 4 Click Apply 5 Repeat for each fileshare that needs to be created There is no limit to the number of fileshares that can be created 7 2 2 Editing an Existing Fileshare 1 Click the name of the Fileshare to be edited Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc 6 Gy y E http 11157 184 27 106 de de P rexmarkxetce Ready Lexmark X646e IP Address 157 184 27 106 LEXMARK Refresh Location Contact Solutions System Network License Ln ERTS PKI AD Scan To Network Scan Profile o Information Configure File Shares License Configuration Reports O Home Directory Links amp Index Applications a Local intranet 2 The Fileshare Configuration page for that configuration will be displayed 3 Make any changes and then click Apply Version 2 0 0 Page 44 7 2 3 Removing an Existing Fileshare 1 Check the b
42. lication Running None Required Applications PKIAD Authentication 0 Running None Required PKVAD Email 0 Running None Required PKI AD Scan To Network 0 Running None Required PKI AD Standard Apps 0 Running None Required internet 100 Version 2 0 0 Page 8 3 Configuring the Basic MFP Settings This section describes the process for using the information obtained in the Pre Installation Guide to configure the basic MFP Settings Even if this device has been previously setup follow through these steps to make sure all settings necessary for the PKI capability to function correctly have been configured 3 1 Date and Time In order to login in to perform a Kerberos login the date and time must be within 5 minutes of the date and time of the Domain Controller The time can be set manually on the device or it can be acquired from a time server 1 Click Configuration and then click Set Date and Time Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc DER EJ 24 v http 157 184 27 106 w k Lexmark x646e mm v i Page Gf Tools Ready Lexmark X646e LEXM ARK IP Address 157 184 27 106 4 Refresh Location Contact Configuration Device Status Default Settings Scan Profile L General Settings Configuration Copy Settings Fax Settings Reports E mail FTP Settings Scan t
43. n Contact Configuration Address Book Setup Sener Address imal bp bp lexmark com Server Port 389 Use SSL TLS O LDAP Certificate Verification Allow Use GSSAPI O Mail Attribute mail Configuration Fax Number Attribute facsimiletelephonenumber Search Base CN Users DC Ixbp DC bp Search Timeout 30 Range 5 300 seconds Displayed Name Longest of cn or givenName sn Max Search Results 100 Range 5 500 MFP Credentials IS Search Attributes Search specific object classes Test LDAP Authentication Setup After submitting any changes use this link to verify the authentication setup Last Status Version 2 0 0 Page 17 Pre Installation Section 2 5 item 8 6 The MFP Credentials page is displayed Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc Go E http 1157 184 27 106 Y ke Lexmark resse DER e dh E page gt Goo gt Lexmark X646e IP Address 157 184 27 106 Location Contact Ready LEXMARK Refresh Configuration MFP Credentials Anonymous LDAP Bind MFP s Distinguished Name Configuration o lt a MFP s Password Kerberos Settings MFP Login MFP Password If connecting anonymously check the Anonymous LDAP Bind If connecting using a service account uncheck the Anonymous LDAP Bind opt
44. n PKI Active Directory Trepos Application L None Required Version 2 0 0 Page 4 3 Browse to the Smartcard Driver solution file and click Start Install See the table below for filename that corresponds to supported card types Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc TEE Go gt E http 157 184 27 106 Google e B w amp Lexmark xs4se E Page Toos Ready Lexmark X646e LEXMARK Location 4 dj Refresh Contact Solutions Install A New Solution Solution Install File CAcacadiscitcac 1_0_1 1Is Browse Configuration Start Install Retum Status Local intranet Rioo l Card Type Solution File CAC DOD scif cac 2_0_0 fls 4 Wait for the install to complete and then click Return Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc Go E http J 157 184 82 214 f s x ooge ag A E o E eae Gree Ready Lexmark X646e IP Address 157 184 82 214 LEXMARK Location 4 Refresh Contact Install A New Solution Solution Install File Start Install Return Status The following solutions were successfully installed CAC Smartcard Support Version 2 0 0 Page 5 5 There should now be two embedded solutions installed on the MFP Lexmark X646e Microsoft Internet Explorer
45. o USB Settings Print Settings Paper Menu Set Date and Time aa Other Settings Network Ports Email Alert Setup Security Manage Shortcuts Update Firmware Import Export Embedded Solutions Version 2 0 0 Lo Local intranet e 100 Page 9 Pre Installation 2 The Date and Time screen is displayed Section 2 3 Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc AE Ge y v http 1157 184 27 106 tex Mal y we k lexmark x6460 a 5 mm v Page Of Tools Ready Lexmark X646e IP Address 157 184 27 106 LEXMARK Location 4 Refresh Contact Configuration Device Status Set Date and Time Scan Profile Time Zone US Can Eastem Y Sets DST on off dates UTC offset and DST offset Current Date and 2007 08 20 11 44 Configuration Time Set Date amp Time YYYY MM DD HH MM NOTE For proper operation manually changing the date also requires R t L changing the Time Server to None DST Mode Automatic Daylight Savings Yes Y Changing this setting requires that the DST mode be set to Manual Time Server IP _ o Time Server Name 157 184 170 141 Allow NTP Broadcast J Submit Reset Form Local intranet 100 Tf setting the time manually If using a Time Server e Set the Time Zone e Set the Time Zone e Set the Date amp Time in the format shown e Leave Set Date amp Time blank Set DST Mode to Automatic Set
46. ok at the list of installed solutions If the SmartCard Driver is not installed complete section 2 2 If the PKI AD Authentication solution is not installed complete section 2 3 Cause The SmartCard Driver solution is not running Resolution Perform step 1 in section 2 2 Look at the list of installed solutions If the SmartCard Driver status is not Running check the box next to that solution and click Start Cause The PKI AD Authentication solution is not running Resolution Perform step 1 in section 2 2 Look at the list of installed solutions If the PKI AD Authentication solution status is not Running check the box next to that solution and click Start Login screen does not appear when the Cause The card is not recognized by the reader card is inserted Resolution Contact Lexmark Solutions HelpDesk for further assistance KDC and MFP clocks are different Cause The date and time on MFP are not within 5 Version 2 0 0 Page 46 beyond an acceptable range check the MFP s date and time Kerberos configuration file has not been uploaded The Domain Controller Issuing Certificate has not been installed The Domain Controller Issuing Certificate name of certificate has not been installed The KDC did not respond within the required time User s Realm was not found in the Kerberos Configuration File Version 2 0 0 minutes of each other Resolution Verify the date and time on the MFP see
47. on The MFP uses reverse DNS lookups to verify IP addresses If these lookups are disabled on the network check the Disable Reverse DNS Lookups option in the PKI AD Authentication solution settings Cause The LDAP search base is too broad in scope Resolution Narrow the LDAP search base to the lowest possible scope that will include all necessary users Cause The user s credentials are being used to connect to the LDAP server but IP address for the LDAP server was used Resolution When the user s credentials are used to connect to the LDAP server the hostname of the LDAP server must be used instead of the IP address Cause Port 389 is being used but the LDAP Server requires SSL to be used Resolution Change the LDAP Port to 636 check the Use SSL TLS checkbox change the LDAP Certificate Verification to Never Cause The LDAP search base is incorrect Resolution Correct the LDAP search base to be the lowest possible scope that will include all necessary users Cause The LDAP attribute being searched for is not correct Resolution Verify the LDAP attributes for email addresses and or the user s home directory is correct Page 49 8 3 Scan To Email Issues Error Message Symptom Possible Cause Resolution Email cannot be sent because an error occurred trying to get your email address Email cannot be sent because you are not authorized to perform this function The email cannot be sent because
48. ons System Network License PE PKI AD Authentication Scan Profile 2 Information Configure LDAP Configuration License Configuration ETE Configuration 2 Currently there are no instances besen Use KDC for LDAP O Server Server Address Configuration Server Port Use SSL TLS LDAP Certificate Validation Allow Try Demand Card Lookup Field MEE Email Address Subject Name EDIPI Search Attribute userPrincipalName Search Base Authentication User Credentials MFP User ID MFP Distinquished Name MFP Password Reset Tavo Status Click Apply to save settings Local intranet E 100 7 Referring to section 7 of the Pre Installation Guide use the following table to configure the settings 3 Configuration Configuration 1 uses Section 8 1 Configuration 2 uses A Section 8 2 Configuration 3 uses Section 8 3 Server Address Version 2 0 0 Page 28 MFP Distinquished Name Item 9 Only Used if Authentication is set to MFP User ID MFP Password Item 9 Only Used if Authentication is set to MFP User ID 4 Click Apply 5 Repeat for each custom configuration that needs to be created A maximum of three configurations can be created and each must be named a different configuration 4 2 2 Editing an Existing Configuration 1 Click the name of the Configuration to be edited Lexmark X646e Microsoft In
49. ox next to the fileshare to be removed 2 Click the Remove button Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc ales Ga v http 157 184 27 106 49 x Goo gle lel k k Lexmark esse Version 2 0 0 Q BB ee s Lexmark X646e IP Address 157 184 27 106 Location Contact Solutions a PKI AD Scan To Network Information Configure M File Shares License _ Home Directory Page 45 8 Troubleshooting This section details some of the common issues that occur when setting up the PKI enabled MFP Please review these and possible causes resolutions prior to contacting the Lexmark Solutions HelpDesk 8 1 Login Issues Error Message Symptom Possible Cause Resolution Unsupported USB Device Cause A supported SmartCard reader has been installed prior to the PKI firmware and applications being installed Resolution Remove the reader and complete section 2 of this guide The reader cannot be installed until the firmware and applications have been installed Cause A non supported SmartCard reader is attached Only the OmniKey reader shipped with the MFP is supported Resolution Removed the unsupported reader and attach the OmniKey reader MFP is at the Welcome Screen and not Cause The SmartCard Driver or PKI AD locked out Authenticatin solution is not installed Resolution Perform step 1 in section 2 2 Lo
50. r to connect to the fileshare using the user s credentials the hostname of the file server must be used See section 7 2 2 for editing an existing fileshare Cause The hostname of the file server could not be resolved to an IP Address Page 52 The network share name does not exist Cause The MFP connected to the file server but the on the specified file server share name does not exist Resolution Verify the share name is correct and that the user has read write access to that share Cause The share name is correct but ends in a Resolution Toggle the Remove from fileshare name setting available in the fileshare configuration See section 7 2 2 for editing an existing fileshare Version 2 0 0 Page 53 LEXMARK Lexmark and Lexmark with diamond design are trademarks of Lexmark International Inc registered in the United States and or other countries 2007 2008 Lexmark International Inc 740 West New Circle Road Lexington KY 40550 www lexmark com
51. rch Results 100 Range 5 500 MFP Credentials Search Attributes Search specific object classes Test LDAP Authentication Setup After submitting any changes use this link to verify the authentication setup Last Status Internet A 100 The following fields need to be filled in Corresponding Pre Installation Guide Section 4 2 Item Server Address Item 1 Use the hostname rather than the IP address Server Port Item 2 Use SSL TLS Item 3 LDAP Certificate Validation Item 4 Use GSSAPI Not used leave unchecked Mail Attribute Item 6 Fax Number Attribute Not used leave the default value Search Base Item 5 Search Timeout Item 7 Displayed Name This is the combination of LDAP attributes used to display the friendly name for the email address The default value of longest cn or givenName sn is usually ok Max Search Results Item 8 4 Click Submit once all answers have been provided Version 2 0 0 Page 16 aa 5 Ifusing the user s credentials to connect to the LDAP server no other changes are item8 necessary If connecting anonymously or using a service account then return to the Address Book Setup Screen and click MFP Credentials Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc g http 11157 184 27 106 s x sooge We e Blexmarkx6 6e M D mh Eae too Lexmark X646e IP Address 157 184 27 106 Locatio
52. rrent use you must limit the number of authorized users to the number specified in your agreement with Lexmark You may not separate the components of the Software Program for use on more than one computer You agree that you will not Use the Software Program in whole or in part in any manner that has the effect of overriding modifying eliminating obscuring altering or de emphasizing the visual appearance of any trademark trade name trade dress or intellectual property notice that appears on any computer display screens normally generated by or as a result of the Software Program b Copying You may make one 1 copy of the Software Program solely for purposes of backup archiving or installation provided the copy contains all of the original Software Program s proprietary notices You may not copy the Software Program to any public or distributed network C Reservation of Rights The Software Program including all fonts is copyrighted and owned by Lexmark International Inc and or its suppliers Lexmark reserves all rights not expressly granted to you in this License Agreement d Freeware Notwithstanding the terms and conditions of this License Agreement all or any portion of the Software Program that constitutes software provided under public license by third parties Freeware is licensed to you subject to the terms and conditions of the software license agreement accompanying such Freeware whether in the form of a discrete agreement
53. rtificate Management Certificate Authority Installation Changing this setting will cause the print server to reset Configuration Version 2 0 0 Page 21 4 Configuring PKI AD Authentication This application is required for the PKI enabled MFP This section details the configuration steps 1 68 y 6 hetpif157 184 27 106 Click Configuration and then click Embedded Solutions Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc x we k Lexmark x6468 DOS Version 2 0 0 Ready Refresh A GL he eos Gran gt Lexmark X646e IP Address 157 184 27 106 Location Contact Configuration Default Settings General Settings Copy Settings Fax Settings E mail FTP Settings Scan to USB Settings Print Settings Paper Menu Set Date and Time Other Settings Network Ports Email Alert Setup Security Manage Shortcuts Update Firmware Import Export Embedded Solutions SJ Local intranet Page 22 2 Select the PKI AD Authentication solution by clicking its name Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc Go E http 1157 184 27 106 f s x lt coge e w amp E Lexmark esse M D gt Eae gt Gtoos Ready Lexmark X646e LEXMARK Location 4 Refresh Installed Solutions State License Configuration
54. t the email signing option in the PKI AD Email solution settings to Disabled or Prompt User instruct users that perform a manual login to not choose the signing option Cause The encryption certificate for the specified email address was not found in the LDAP Directory specified by the Address Book Lookup in the PKI AD Email solution settings Resolution The encryption certificate is required for each recipient of the email Encrypted emails can only be sent to those recipients that are in the global address book Cause SMTP Server Authentication is set to Anonymous but the SMTP Server only allows an authenticated user to send email Page 50 Resolution Change the SMTP Server Authentication option in the PKI AD Email solution settings to User Credentials Resolution Add the IP Address of the MFP as an SMTP Relay Cause SMTP Server Authentication is set to User Credentials but the SMTP Server was specified used an IP Address Resolution In order to use the User Credentials for sending email the SMTP Server must be specified using the hostname See section 3 3 Cause SMTP Server Authentication is set to User Credentials but the SMTP Server reports GSSAPI is not supported Resolution Change the SMTP Server Authentication option in the PKI AD Email solution settings to Anonymous Cause Port 25 is blocked so the MFP is unable to connect to the SMTP server Resolution Access to port 25 is required in order for the
55. ternet Explorer provided by Lexmark International Inc G y v http 157 184 27 106 So w amp Lexmark x646e B dh Ready Lexmark X646e IP Address 157 184 27 106 LEXMARK PEE Location Contact Solutions System Network License Page Cf Tools PKI AD Authentication Information Configure LDAP Configuration License Configuration Configuration 1 Reports Links amp Index Applications Q Local intranet 2 The LDAP Configuration page for that configuration will be displayed 3 Make any changes and then click Apply Version 2 0 0 Page 29 4 2 3 Removing an Existing Configuration 1 Check the box next to the configuration to be removed 2 Click the Remove button Lexmark X646e Microsoft Internet Explorer provided by Lexmark International Inc http 157 184 27 106 ts x Gooale we amp Lexmark x646e M D de e Page gt G Tos gt Ready Lexmark X646e Refresh Information Configure M LDAP Configuration License New Y Configuration 1 Configuration 4 Local intranet Version 2 0 0 Page 30 5 Configuring PKI AD Standard Applications This application is only used 1f User Authorization is enabled for Copy Fax or FTP You can skip this section if this application has not been installed 1 Click Configuration and then
Download Pdf Manuals
Related Search