Xerox WorkCentre 5755 Manual

							WorkCentre™ 5735/5740/5745/5755/5765/5775/5790
System Administrator Guide331
23Xerox Secure Access
Administrators can configure the device so that users must be authenticated and authorized before 
they can access specific services or areas. Xerox Secure Access provides a means of authenticating 
users via an authentication server and optional card reader.
This convenient security solution allows people to simply swipe the ID card at the device to unlock 
access to features that can be tracked for accounting and regulatory requirements.
Secure Access and Accounting
Secure Access can be enabled with Network Accounting and Xerox Standard Accounting fea t ure s t o 
provide accounting functionality.
Note:Secure Access cannot be enabled at the same time as Foreign Device Interface.
Information Checklist
Before starting the procedure, ensure the following items are available or tasks have been performed:
• Ensure the Xerox device is fully functional on the network. TCP/IP and HTTP protocols must be 
configured so that Internet Services can be accessed.
• Ensure the Xerox Secure Access authentication server is installed and configured with user 
accounts. Refer to the documentation with the authentication server to complete this task.
Contact your Xerox Sales Representative if you do not have the Xerox Secure Access 
authentication server.
Note:If you want authorization, there must be a mapping between the accounts created on the 
authentication server and accounts created in the Local User Information Database or remote 
Authorization server.
• Connect and configure your card reader, if required. Attach the card reader to the left hand shelf 
on the device. Place the controller box on the floor at the back of the device.
• Ensure that SSL (Secure Sockets Layer) is configured on the Xerox device via Internet Services.
• To configure Authorization locally, the User Information Database must be configured. For 
instructions, refer to User Information Database on page 173. There must be a mapping between 
the accounts created on the Authentication Server and the User Information Database (the user 
names must match so that the device can cross reference each user as they log in at the device).
• To configure Remote Authorization, the LDAP server must be configured on the device and 
Authorization Access configured. For instructions, refer to LDAP on page 115 and Authentication 
Configuration for LDAP/LDAPS on page 160. There must be a mapping between the accounts 
created on the Authentication Server and the LDAP server (the user names must match so that the 
device can cross reference each user as they log in at the device). 
						

							WorkCentre™ 5735/5740/5745/5755/5765/5775/5790
System Administrator Guide 332
Access Authentication Configuration
Note:To configure this feature or these settings access the Properties tab as a System 
Administrator. For details, refer to Access Internet Services as System Administrator on page 24.
1. From the Properties tab, click on the [Security] link.
2. Click on the [Authentication] link and select [Setup] in the directory tree.
3. The Xerox Access Setup page displays. In the Authentication, Authorization, and 
Personalization area click on the [Edit..] button.
4. In the Enablement area:
a. Select the required option from the [Alternate Authentication method on the machine's 
touch interface (Touch UI)] drop-down menu. The alternate login method provides an 
alternative method of accessing the device’s services if the smart card is unavailable. The 
option selected from the menu defines how the device will validate the user's access rights.
• Select [Username / Password Validated Locally on the Xerox Machine] to validate 
users listed in the Local User Information Database. This option requires you to 
configure accounts in the Local User Information Database.
• Select [Username / Password Validated Remotely on the Network] to validate users 
via an Authentication Server. This option requires you to have a server that will provide 
authentication of user login details. Authentication via Kerberos (Solaris, Windows 
2000), NDS (Novell), SMB (Windows NT4/2000) or LDAP is supported.
b. Select the required option from the [Authentication method on the machine's web user 
interface (Web UI)] drop-down menu. When a user attempts to access Internet Services they 
are prompted to enter their login information. The option selected from the web user 
interface Authentication menu defines how the device will validate the user's rights to access 
Internet Services. This is required because if the user normally authenticates at the device 
with a card reader, there would be no method for the device to authenticate users who access 
Internet Services from their workstations.
• Select [Username / Password Validated Locally on the Xerox Machine] to validate 
users listed in the Local User Information Database. This option requires you to 
configure accounts in the Local User Information Database.
• Select [Username / Password Validated Remotely on the Network] to validate users 
via an Authentication Server. This option requires you to have a server that will provide 
authentication of user login details. Authentication via Kerberos (Solaris, Windows 
2000), NDS (Novell), SMB (Windows NT4/2000) or LDAP is supported.
c. Select required method from the [Authorization is stored] drop-down menu. The card reader 
and Authentication Solution authenticates (validates) the user. The Authorization method 
determines which areas of the device a user is allowed to access. There are two options:
• Select [Locally on the Machine] if you want the device to check the Local User 
Information Database for levels of authorization. 
• Select [Remotely on the Network] if you want to use an LDAP server to determine levels 
of authorization.
If you selected Remotely on the Network (from the Location of Access Rights box), configure 
LDAP communications as stated in the Configure Authentication for LDAP/LDAPS in the 
Authentication section of this guide. For details refer to Authentication Configuration for 
LDAP/LDAPS on page 160. 
						

							WorkCentre™ 5735/5740/5745/5755/5765/5775/5790
System Administrator Guide333
d. In the Personalize the machine's touch interface area, check the checkbox to allow the 
From: address to be automatically set to the logged in user's e-mail address, when they log in 
via Secure Access and for the Scan-to Home home directory to be automatically set to that of 
the logged in user.
e. Click on the [Save] button to return to the Xerox Access Setup page.
To Configure Xerox Secure Access on the Device
Note:Before you complete these steps ensure that the Xerox Secure Access authentication server 
has been configured to point to the device.
1. From the Authentication Configuration screen, in the Current Configuration area:
a. Click on the [Configure] button for Device User Interface Authentication - Xerox Secure 
Access.
b. The device will automatically configure itself to work with the XSA remote server. Click on the 
[Manually Configure] button if the XSA remote server does not configure automatically.
c. In the Server Communication area, select either [IPv4 Address] or [Hostname].
d. Enter details in the [IP Address: Port] or [Host Name: Port] fields.
e. Enter the details in the [Path] field.
Note:Enter the HTTP path of [public/dce/xeroxvalidation/convauth] and port number of [1824] 
to facilitate communication.
f. Under the Device Log In Methods heading, select one of the following:
•Xerox Secure Access Device Only (e.g., Swipe Cards - if you want to allow the user to 
swipe their swipe cards at the UI.
•Xerox Secure Access Device + alternate on-screen authentication method - if you 
want users to authenticate using the device’s control panel as well as the XSA feature.
When the second option is enabled, a button labelled “Alternate Login” is displayed on 
the “Instructional Blocking Window” providing users with an alternate method to log in. 
For example, this feature can be enabled for users who are unable to use their swipe 
card. When the alternate button is selected, the remote server presents a series of log in 
screens on the local user interface. The remote server is still responsible for 
authenticating the user. All other Xerox Secure Access options are supported with this 
setting. 
g. Under the Accounting Information heading, note that this item will be grayed out if 
Network Accounting is not enabled. If accounting is enabled, select [Automatically apply 
Accounting Codes from the server], if the Secure Access Server has been configured to 
return the accounting User ID and Account ID login. If you want the user to enter these 
values at the local user interface during login, select [User must manually enter accounting 
codes at the device].
h. Under the Device Instructional Blocking Window heading, enter text in the [Window Title] 
and [Instructional Text] fields to create the prompt that will be displayed on the device’s 
user interface informing users how to authenticate themselves at the device. 
Note:If the Title and Prompt have been configured on the Secure Access Server, then this 
information will override the Title and Prompt text entered here.
i. Click on the [Save] button when done.
2. Click on the [Close] button to return to the Authentication Configuration page. 
						

							WorkCentre™ 5735/5740/5745/5755/5765/5775/5790
System Administrator Guide 334
Enable Web User Interface Authentication
A second, networked Authentication Server will be necessary for web user interface Authentication, if 
Remotely on the Network was selected. Full instructions for configuring network authentication, using 
Kerberos, NDS, SMB, and LDAP/LDAPS are contained in the Network Authentication section of this 
guide.
The path to the Authentication Server configuration screen is:
Note:To configure this feature or these settings access the Properties tab as a System 
Administrator. For details, refer to Access Internet Services as System Administrator on page 24.
1. From the Properties tab, click on the [Security] link.
2. Click on the [Authentication] link and select [Setup] in the directory tree.
3. The Xerox Access Setup page displays. In the Authentication, Authorization, and 
Personalization area click on the [Edit..] button.
4. Select the [Username / Password Validated Remotely on the Network] option from the 
[Authentication method on the machine's web user interface (Web UI)] drop-down menu.
5. Follow the instructions to select the required Authentication Type from the drop-down menu.
•See Authentication Configuration for Kerberos (Solaris) on page 157.
•See Authentication Configuration for Kerberos (Windows 2000/2003) on page 158.
•See Authentication Configuration for SMB (Windows NT4) and SMB (Windows 
2000/2003/2008) on page 159.
•See Authentication Configuration for SMB (Windows NT4) and SMB (Windows 
2000/2003/2008) on page 159.
•See Authentication Configuration for LDAP/LDAPS on page 160.
6. When you have configured the required Authentication Type, click on the [Save] button to return 
to the Xerox Access Setup page.
Configure your LDAP Server
Configure LDAP communications on the device as stated in the LDAP/LDAPS topic. Refer to 
Authentication Configuration for LDAP/LDAPS on page 160.
7. To set Authentication to control access to individual Services, in the Current Configuration area, 
click on the [Edit] button for Access Setup Wizard.
a. On the Device Access page, in the Pathway Access area, select either [Unlocked] or 
[Locked] for the following options:
•Service Pathway
•Job Status Pathway
•Machine Status Pathway
b. Click on the [Next] button. The Service Access page displays. To set Authentication to 
control access to individual Features, select individual feature radio button for the following 
authentication access:
•Unlocked
•Locked
•Hidden
8. Click on the [Next] button to return to the Authentication Configuration screen. 
						

							WorkCentre™ 5735/5740/5745/5755/5765/5775/5790
System Administrator Guide335
9. Select [Logout] in the upper right corner of your screen if you are still logged in as Administrator, 
and click on the [Logout] button.
Use Secure Access
At the Device:
1. Touch/press an area of the device that you have locked.
2. Read the user interface prompt to determine what you need to do to be authenticated at the 
device. Authentication methods include:
• Swipe a card
• Place a proximity card near to the reader
• Enter a user ID or PIN number.
If you need to enter information, touch the [Keyboard Access] button and enter your login 
information.
3. The screen may request further information, such as a primary PIN or password, or account 
information. The primary PIN may have been set on the Xerox Secure Access authentication 
server. The account information may be requested because an accounting option is configured on 
the device.
4. The Xerox device will confirm successful authentication and you will now have access to the 
fea t ure s.
5. When you have finished using the features, press the  button on the keypad to close 
your account. 
						

							WorkCentre™ 5735/5740/5745/5755/5765/5775/5790
System Administrator Guide 336 
						

							WorkCentre™ 5735/5740/5745/5755/5765/5775/5790
System Administrator Guide337
24Software Upgrade
The Software Upgrade feature allows the customer to upgrade the device software as requested by a 
Xerox Customer Support Center Representative, without needing a Customer Service Representative to 
be present.
When Should I Upgrade the Software?
Xerox is continually seeking to improve its products and a software revision may become available to 
improve functionality on the device. Your Customer Support Center Representative will instruct you to 
upgrade your device when it is necessary.
How Do I Upgrade the Software?
IMPORTANT: Any jobs in the queue must be allowed to complete or be deleted before initiating a 
software upgrade.
There are three methods for upgrading the software on the device:
• Over a network connection using Internet Services via a web browser.
• Auto upgrade.
• USB Stick and DLM.
1. Software Upgrade Over a Network Connection
If your device is connected to the network, it is possible to upgrade the software through Internet 
Services. The device will need to be configured for TCP/IP and HTTP.
2. Auto Upgrade
If performing a software upgrade on the device via Internet Services it is possible to set the Auto 
Upgrade feature to schedule automatic device software upgrades from a central server at a specific 
time on a regular basis.
3. Software Upgrade via the USB Port
If your device does not have a network connection it is possible to upgrade the software by connecting 
a workstation or a laptop to the USB port. 
						

							WorkCentre™ 5735/5740/5745/5755/5765/5775/5790
System Administrator Guide 338
To Upgrade Using the Internet Services
Note:This procedure will delete any current jobs in the device print queue and prevent further jobs 
from printing until the upgrade has completed. If you wish to preserve these jobs, allow them to 
complete before upgrading your software.
All configured network settings and installed options will be retained by the device after the 
Software Upgrade process.
Information Checklist
Before starting the procedure, ensure the following item is available or task has been performed:
• Obtain the new software upgrade file for your device from the www.xerox.com website or from 
your Xerox Customer Support Representative. 
The upgrade file will have an extension of .dlm (dynamically loaded module). Download the 
upgrade file to a local or network drive. You will be able to delete the file after the upgrade 
procedure.
It is important to obtain the correct upgrade file for your particular model of device.
System Software Version
To determine which model of device you have, check the system software version.
Manual Upgrade
At the Device:
1. Press the  button.
2. Touch [Machine Information] tab.
3. In the General Information area, view the System Software Version.
Note:TCP/IP and HTTP protocols must be enabled on the device so that the device can be 
accessed via the web browser.
At your Workstation:
Note:To configure this feature or these settings access the Properties tab as a System 
Administrator. For details, refer to, Access Internet Services as System Administrator on page 24.
1. From the Properties tab, click on the [General Setup] link.
2. Click on the [Machine Software] link.
3. Select [Upgrades] in the directory tree.
4. In the Upgrades area:
a. Check the [Enabled] checkbox.
b. Click on the [Apply] button.
5. Select [Manual Upgrade] in the directory tree.
6. In the Manual Upgrade area:
a. Click on the [Browse] button to locate the software upgrade file [.dlm] obtained earlier.  
						

							WorkCentre™ 5735/5740/5745/5755/5765/5775/5790
System Administrator Guide339
b. Click on the [.dlm] file obtained earlier.
c. Click on the [Open] button.
d. Click on the [Install Software] button to proceed with the upgrade. 
• If prompted, enter the Administrator User ID and Password. The default is [admin] and 
[1111].
• Click on the [Login] button.
The file will be sent to the printer and will disable the printing functionality. The web browser will 
become inactive and you will not be able to access the device via this method until the upgrade 
has completed and the device has rebooted. The upgrade should take no longer than 30 minutes.
7. When the device has completed the upgrade it will reboot automatically. The Configuration 
Report will print (if enabled). Check the Configuration Report to verify that the software level has 
changed.
Auto Upgrade
You can set the device to automatically schedule device software upgrades from a central server at a 
specific time on a regular basis.
Note:This procedure will delete any current jobs in the device print queue and prevent further jobs 
from printing until the upgrade has completed. If you wish to preserve these jobs, allow them to 
complete before upgrading your software.
All configured network settings and installed options will be retained by the device after the 
Software Upgrade process.
Information Checklist
Before starting the procedure, ensure the following items are available or tasks have been performed:
• Obtain the new software for your device this will have an extension of .dlm (dynamically loaded 
module) from the www.xerox.com website or from your Xerox Customer Support Representative.
• Download the upgrade file to a local or network drive. You will be able to delete the file after the 
upgrade procedure.
• TCP/IP and HTTP protocols must be enabled on the device so that the device web browser can be 
accessed.
At your Workstation:
Note:To configure this feature or these settings access the Properties tab as a System 
Administrator. For details, refer to, Access Internet Services as System Administrator on page 24.
1. From the Properties tab, click on the [General Setup] link.
2. Click on the [Machine Software] link.
3. Select [Upgrades] in the directory tree.
4. In the Upgrades area:
a. Check the [Enabled] checkbox.
b. Click on the [Apply] button.
5. Select [Auto Upgrade] in the directory tree to set the Auto Upgrade time. 
						

							WorkCentre™ 5735/5740/5745/5755/5765/5775/5790
System Administrator Guide 340
6. In the Auto Upgrade area:
a. Check the [Enabled] checkbox to enable the Schedule Upgrade fea t ure .
b. For Refresh Start Time, select either [Hourly] or [Daily].
c. If [Daily] has been selected, enter the required time of the day for the upgrade to be 
performed.
d. For [Protocol], select either [IPv4 Address], [IPv6 Address] or [Host Name].
e. Enter the details in the [IP Address: Port] or the [Host Name: Port] of the server where the 
software upgrade file (obtained earlier) is located.
f. Enter the path to the upgrade file on the server in the [Directory Path] field.
g. Enter the [Login Name] and [Password] for the server.
h. Click on the [Apply] button to accept the changes.
The upgrade will now be performed automatically on the device at the time specified. When the 
upgrade process starts network connectivity with the device will be unavailable, including access 
from Internet Services. The upgrade progress can be monitored from the device screen interface.
Note:Software Installation will begin several minutes after the software file has been submitted 
to the device. When Installation has begun all Internet Services from this device will be lost, 
including this web user interface. The installation progress can be monitored from the local user 
interface. 
Upgrade Through USB
This section provides instructions to upgrade machine software via the Utilities Software Upgrade Tool 
installed on a workstation or laptop and connected to the machine via a USB cable.
Note:This procedure will delete any current jobs in the machine print queue and prevent further 
jobs from printing until the upgrade has completed. If you wish to preserve these jobs, allow them 
to complete before upgrading your software.
All configured network settings and installed options will be retained by the machine after the 
Software Upgrade process.
Information Checklist
Before starting the procedure, ensure the following items are available or tasks have been performed:
• A type A-B USB Cable.
• The Utilities CD3 delivered with your machine. The Utilities CD contains the tool used for 
performing machine software upgrades.
• A laptop or workstation (close to the machine) that supports USB connectivity.
• The software upgrade file obtained from your Customer Service Representative. The file will have 
an extension .UGD (upgrade). It is important to obtain the correct upgrade file for your particular 
model of machine.
• If you are performing the upgrade on a networked (connected printer) device, ensure the device is 
online before continuing.