Even if the printer has been set up previously, make sure all settings have been configured to enable the security features of each application to work correctly.
To help prevent unauthorized access if a user leaves the printer unattended with a Smart Card inserted or while logged in, you can limit the amount of time a user stays logged in without activity. If the user does not touch the screen within the specified time, then the session ends and the user is logged out, even if a Smart Card is still inserted.
From the Embedded Web Server, click Settings or Configuration.
Click Security > Miscellaneous Security Settings > Login Restrictions.
Set the Panel Login Timeout value (in seconds). The recommended value is 30 seconds.
Click Submit.
| Note: In select printer models, you can automatically download the CA. For more information, see Installing certificates automatically. |
Before configuring Kerberos or domain controller settings, you must install the appropriate certificates on the printer. At minimum, you must install the certificate of the Certificate Authority (CA) that issued the domain controller certificate. The CA certificate is used for domain controller validation. Additional certificates can be installed if needed. For example, if you plan to use chain validation to validate the domain controller certificate, then you must install the entire certificate chain. Each certificate must be in a separate PEM (.cer) file.
For each certificate you want to install, do the following:
From the Embedded Web Server, click Settings or Configuration.
Click Security > Certificate Management > Certificate Authority Management > New.
Upload the file containing the certificate, and then click Submit.
| Note: The file must be in PEM (.cer) format. The contents of the file should resemble the following: |
-----BEGIN CERTIFICATE----- MIIE1jCCA76gAwIBAgIQY6sV0KL3tIhBtlr4gHG85zANBgkqhkiG9w0BAQUFADBs … l3DTbPe0mnIbTq0iWqKEaVne1vvaDt52iSpEQyevwgUcHD16rFy+sOnCaQ== -----END CERTIFICATE-----
For eSF v4.x printers, the CA certificate can be installed automatically.
| Note: Make sure to add the printer to the Active Directory Domain. For more information on how to add the printer to the Active Directory, see the Embedded Web Server Administrator's Guide for your printer. |
From the Embedded Web Server, click Settings or Configuration.
Click Security > Certificate Management > Certificate Authority Management > CA Cert Monitor Setup.
Select Enable CA monitor.
If you want to immediately install the CA certificate without waiting for the scheduled run time, then select Fetch immediately.
Click Submit.
Make sure all necessary TCP/IP settings have been configured.
From the Embedded Web Server, click Settings or Configuration.
Click Network/Ports > TCP/IP.
Under the TCP/IP heading, do the following:
Verify the domain name. Normally, the domain will be the same one assigned to user workstations.
If you are using a static IP address, then verify the WINS server address and the DNS server address. If a backup DNS server is available, then type the backup DNS server address.
If the printer is located in a different domain than the domain controller, any e-mail servers you are using, or any file shares to which printer users may need to scan, then list the additional domains in the Domain Search Order field. Separate each domain name with a comma. If everything is in the same domain, then you can leave the Domain Search Order field blank.
Click Submit.
In order for users to log in to the printer using Kerberos authentication, the time on the printer clock must be within five minutes of the time on the domain controller system clock. Printer clock settings can be updated manually, or they can be configured to use Network Time Protocol (NTP) to automatically sync with a trusted clock (typically the same clock used by the domain controller).
From the Embedded Web Server, click Settings or Configuration.
Click Security > Set Date and Time.
In the “Manually Set Date & Time” field, type the correct date and time in format.
| Note: Entering manual settings automatically disables the use of NTP. |
Select the correct time zone.
| Note: If you select (UTC+user) Custom, then you must configure additional settings under the Custom Time Zone Setup heading. |
If daylight saving time (DST) is observed in your area, then select Automatically Observe DST.
If you are located in a nonstandard time zone or in an area that observes an alternate DST calendar, then adjust the Custom Time Zone Setup settings.
Under the Network Time Protocol heading, verify that Enable NTP is not selected and that the NTP Server field is cleared.
Click Submit.
| Note: If your network uses Dynamic Host Configuration Protocol (DHCP), then verify that NTP settings are not provided by the DHCP server automatically before configuring NTP settings manually. |
From the Embedded Web Server, click Settings or Configuration.
Click Security > Set Date and Time.
Verify that the “Manually Set Date & Time” field is cleared.
Select the correct time zone.
| Note: If you select (UTC+user) Custom, then you must configure additional settings under the Custom Time Zone Setup heading. |
If daylight saving time is observed in your area, then select Automatically Observe DST.
If you are located in a nonstandard time zone or in an area that observes an alternate DST calendar, then adjust the Custom Time Zone Setup settings.
Under the Network Time Protocol heading, select Enable NTP, and then type the IP address or host name of the NTP server.
If the NTP server requires authentication, then do one of the following, depending on the options that are available:
Select MD5 key or Autokey IFF from the Authentication drop-down menu, and then click Install MD5 key or Install Autokey IFF params to browse to the file containing the NTP authentication credentials. Click Submit to install the file.
Select Enable Authentication, and then click Install auth keys to browse to the file containing the NTP authentication credentials. Click Submit to install the file.
Click Submit.