Xerox WorkCentre 7345 User Manual
Security – Authentication

Overview

Users Controlled by Authentication

Authenticated Users
These are users who are registered with the machine. When using a restricted service, authenticated users are prompted to type their user IDs on the authentication screen.

Guest Users
These are users who are permitted to use the machine using the Guest password set by the System Administrator.

Authentication Configuration and related Types

No Login Required – Users can access any service without restriction. This is the default type for the machine.

Login to Local Accounts – This type uses the user information registered on the machine to manage authentication.

Login to Remote Accounts, matched with Network Accounting as Accounting Type – Network Access (authentication) uses the user information managed on a remote accounting service to manage authentication. User information, managed on the remote accounting service, is sent to be registered on the machine. When the user information on the remote accounting service is updated, the updated information must be sent from the remote accounting service to the machine. Network Access allows a unified management of user information for multiple devices.

Login to Remote Accounts, with Accounting Type set to Off or Disabled – Remote authentication uses a remote authentication server to manage user access to the machine. User information is not required to be registered locally on the machine. Note that with remote authentication you cannot have as much individual service restriction as you have with Local machine authentication. To increase control over individual service access, with a system such as Kerberos, for example, you need to use an Authentication Agent (which, as of February 2007 was still available from the Authentication System hot link of the Remote Authentication / Directory Service folder of Internet Services).

Note: When registering user information on a remote authentication server, use up to 32 characters for a user ID and up to 128 characters for a password. Note, however, for SMB the password limit is 32 characters.

Login Type set to Xerox Secure Access with Accounting Disabled – When the Login Type is set to Xerox Secure Access, you will also need to configure a networked Authentication Server to supply credentialing information to the Secure Access Server. The Authentication Server can be running Kerberos, SMB, or LDAP and is configured as stated in the Configuring Remote Authentication topics of this guide section. Note that the Accounting Type can also be set to Network Accounting, to work with a networked accounting package, as stated in the Configuring Xerox Secure Access topic, in this section of this guide. Refer to the Equitrac™ documentation for further setup instructions.
Services Managed by User ID Authentication

The services that can be managed by user ID authentication vary depending on the selected Authentication mode. The following table provides a summary of these managed services for each mode.

Manageable by Authentication?

Service                        When Local Machine    When Network        When Remote
                               Access is enabled     Access is enabled   Access is enabled
Copy                           Yes                   Yes                 Yes
Print                          Yes                   Yes                 No
Charge Print, Private Print    Yes                   Yes                 Yes
Scan Service                   Yes                   Yes                 Yes
Fax, iFAX                      Yes                   Yes                 Yes
Direct Fax                     Yes                   Yes                 No
Report/List                    No                    No                  No
Effects of Authentication on Job Flow Sheets and Mailboxes

When Login to Local Accounts is enabled, even if authentication is not enabled for the copy, fax, scan, or print services, authentication will be required for mailbox and job flow sheet operations. For full details on the effects of Authentication on Job Flow Sheets and Mailboxes, refer to that topic in the Device’s User Guide.

Configuring Local machine authentication

When Login to Local Accounts is enabled, the System Administrator can define pass codes for authorized users (and guests, when the selection is available) to use to authenticate to the system and access restricted services.

Preparations:
1. Ensure the machine is fully functional on the network.
2. Ensure that the TCP/IP and HTTP protocols are configured on the device and fully functional. Refer to those topics in this guide for configuring information as required. This is required to access CentreWare Internet Services to configure Authentication. The Internet Services function is accessed through the embedded HTTP server on the machine and allows System Administrators to configure Authentication settings by using an Internet browser.

At Your Workstation:
1. Open your Web browser and enter the TCP/IP address of the machine in the Address or Location field. Press Enter.
2. Click the Properties tab.
3. Select the Security folder, then the Authentication Configuration hot link.
4. Select Login to Local Accounts from the Login Type drop-down list, then Local Accounting from the Accounting Mode drop-down list.
5. Place a checkmark in the Enable box for each service that you wish to restrict access to. For explanations of each service, click the Help button.
6. If available for selection, enable Guest User authentication from the associated drop-down list.
7. Enter the Guest Password twice in the text boxes supplied.
8. Click Next.
9. To configure Authentication for each account user, enter an Account Number in the Account Number box and click Edit.
10. Enter the Administrator User name (default of 11111) and password (default of x-admin) if prompted.
11. Fill in the settings for the user. For explanations of each setting, click the Help button.
    Note: Important: Set each Service Feature Access as desired. DO NOT set a Service Feature Access to “No Access,” unless you wish to deny user access to that specific feature.
12. Click Apply.

Note: You can also use the User Interface at the Device to configure Local machine authentication. The menu path to follow there is: press Log In/Out, enter the Administrator password (default of 11111), press the Machine Status button, touch the Tools tab, and finally touch Auditron Administration.
Configuring Remote Authentication

When Login to Remote Accounts is enabled, users of the device will be asked to provide a user name and password to be validated by the designated authentication server. If this validation is successful, the machine and any restricted services will be available for individual use.

Preparations:
1. Ensure the machine is fully functional on the network.
2. Ensure that the TCP/IP, with DNS/WINS enabled, and HTTP protocols are configured on the device and fully functional. Refer to those topics in this guide for configuring information as required. This is required to access CentreWare Internet Services to configure Authentication. The Internet Services function is accessed through the embedded HTTP server on the machine and allows System Administrators to configure Authentication settings by using an Internet browser.
3. Ensure the Authentication Server to be used is functional on your network. Refer to your manufacturer’s documentation for instructions to complete this task.

At Your Workstation:
1. Open your Web browser and enter the TCP/IP address of the machine in the Address or Location field. Press Enter.
2. Click the Properties tab.
3. Select the Security folder, then the Authentication Configuration hot link.
4. Select Login to Remote Accounts from the Login Type drop-down list, then typically Accounting Disabled from the Accounting Mode drop-down list.
5. Place a checkmark in the Enable box for each service that you wish to restrict access to. For explanations of each service, click the Help button.
   Note: If a Guest User box is available and configurable, consider whether it is advisable in your network environment to allow simple password, guest access to this restricted service device. The default setting is Off.
6. Click Next.
7. Click Configure for Authentication System.
8. Select your system from the drop-down list and click Apply.
Configure Remote Authentication for Kerberos (Windows 2000)

At your Workstation:
1. With the Authentication Configuration web page still running, click Configure next to the server you wish to use for Authentication. If not still running, perform steps 2 and 3 below.
2. If the web page is not still running, open your Web browser and enter the TCP/IP address of the machine in the Address or Location field. Press Enter.
3. Click the Properties tab and return to the Security folder.
4. Select the Remote Authentication Server / Directory Service folder in the list of hot links, select Authentication System and pick Kerberos (Solaris) from the drop-down list. Click Apply.
5. Select Kerberos Server Settings.
6. Enter the IP Address of the Primary Server (Domain Controller running the Key Distribution Center service).
7. Enter the IP Address of the Secondary Server (Domain Controller), if necessary.
8. Enter details of the Windows 2000 Domain in the Realm Name box. For example: example.com.
9. Enter details for up to 4 alternate Domain Controllers and backups, if required.
10. Click Apply, and supply the Administrator User name and password if prompted.
Configure Remote Authentication for Kerberos (Solaris)

At Your Workstation:
1. With the Authentication Configuration web page still running, click Configure next to the server you wish to use for Authentication. If not still running, perform steps 2 and 3 below.
2. If the web page is not still running, open your Web browser and enter the TCP/IP address of the machine in the Address or Location field. Press Enter.
3. Click the Properties tab and return to the Security folder.
4. Select the Remote Authentication Server / Directory Service folder in the list of hot links, select Authentication System and pick Kerberos (Solaris) from the drop-down list. Click Apply.
5. Select Kerberos Server Settings.
6. Enter the IP Address of the Primary Server (the server running the Key Distribution Center service).
7. Enter the IP Address of the Secondary Server, if necessary.
8. Enter details for the Realm. For example (in upper case): EXAMPLE.COM.
9. Enter details for up to 4 alternate servers and backups, if required.
10. Click Apply, and supply the Administrator User name and password if prompted.
Configure Remote Authentication for SMB

At Your Workstation:
1. With the Authentication Configuration web page still running, click Configure next to the server you wish to use for Authentication. If not still running, perform steps 2 and 3 below.
2. If the web page is not still running, open your Web browser and enter the TCP/IP address of the machine in the Address or Location field. Press Enter.
3. Click the Properties tab and return to the Security folder.
4. Select the Remote Authentication Server / Directory Service folder in the list of hot links, select Authentication System and pick SMB from the drop-down list. Click Apply.
5. Select SMB Server Settings.
6. From the SMB Server Setup drop-down menu, select your desired method. The selections include: By Domain Name, and By Domain Name and Server Address / IP Address.
7. Enter the Domain name (up to 15 characters) in the SMB Server – Domain Name box, for every Domain Controller specified. This entry is required regardless of the selection made from the SMB Server Setup drop-down menu.
8. Enter the IP Address of the Domain Controller in the SMB Server – Server Name / IP Address box (if By Domain Name and Server Address / IP Address was selected for SMB Server Setup).
9. Enter the IP Addresses of up to 4 additional Backup Domain Controllers, if applicable.
10. If you choose not to enter IP addresses, enter the Server Name (up to 64 characters) in the SMB Server – Server Name / IP Address box (if By Domain Name and Server Address / IP Address was selected for SMB Server Setup).
11. Click Apply, and supply the Administrator User name and password if prompted.
Configure Remote Authentication for LDAP

Refer to your LDAP server documentation for the full range of information that can be entered into this LDAP dialog to fully support both E-mail applications and authentication using your LDAP server. The path to the LDAP dialog is as follows:

At Your Workstation:
1. With the Authentication Configuration web page still running, click Configure next to the server you wish to use for Authentication. If not still running, perform steps 2 and 3 below.
2. If the web page is not still running, open your Web browser and enter the TCP/IP address of the machine in the Address or Location field. Press Enter.
3. Click the Properties tab.
4. Click the Connectivity folder, then the Protocols folder, then the LDAP folder.
5. Select LDAP Directory.
6. Click LDAP Server, and under Server Information, enter the IP address (or host name) in the box supplied.
   Note: If entering a fully qualified host name (for example, ldapserver.xerox.com), make sure that the specified domain name matches the device’s TCP/IP configuration (domain name shown under DNS on the device’s Configuration Report).
7. Enter the Port Number (default of 389).
8. If available, decide whether or not to use encryption (Authentication with SSL) when accessing the LDAP server.
9. Specify the LDAP Server environment from the Server Application drop-down list.
10. If desired, enter the path to the LDAP objects to limit the LDAP search in the [Search Directory Root] area. The entry should be in base DN format (for instance, ou=people, dc=xerox, dc=com).
11. For Login Name and Password, enter the machine’s Login Name and Password (if required) in the boxes provided. Note that, quite often, to simply supply address information for E-mail, no login is required.
12. Enter your required number for Maximum Number of Search Results. This is the maximum number of addresses that will appear which match the search criteria selected by the user.
13. Enter the required time to wait for Search Time-Out. Alternatively, you may select Wait LDAP Server Limit.
14. Place a checkmark in the Referral box if you would like the server to refer to additional LDAP servers, when user information is initially unavailable.
15. If using Referral, enter the number of additional servers to check for user information (Hop Limit).
16. For Search Name Order, select the method that you would like LDAP to use to perform searches.
17. Click Apply, and supply the Administrator User name and password if prompted.

LDAP User Mappings

You can click the LDAP User Mappings link to specify the attributes to search for within the LDAP database. Make sure that any entries made in the Imported Heading boxes are in LDAP nomenclature. For example, you would enter sn (surname) to search for the user's last name, and givenName to search for the user's first name. Enter cn (Common Name) to search for the most commonly used attribute (given name joined to surname) to identify specific users within the LDAP system.

LDAP Authentication

To set LDAP for authentication, click the LDAP Authentication link. For Authentication Method, choose either Direct Authentication or Authentication of User Attributes. Direct Authentication sets authentication with the LDAP server with the user name and password entered by the user. Authentication of User Attributes sets authentication with the LDAP server to the attributes listed on this dialog, such as samAccountName. Unless you are very familiar with LDAP, do not add text strings to the User Name.

LDAP Group Access

LDAP server user groups can be used to control access to certain areas of the Xerox device. For example, the LDAP server may contain a group of users called Admin. You can configure the Admin group on the device so that the members of that group will have administrator access to the device. When a user logs in at the device with their network authentication account, the device performs an LDAP lookup to determine if the user is a member of any groups. If the LDAP server confirms that the user is a member of the Admin group, the user will have administrator access. In the System Administrator Access Group box, enter the name of the group, defined at the LDAP server, that you want to provide with system administrator access to the device. Repeat the process for other LDAP group access boxes.

Custom Filters

For the Email Address Filter, in the box provided, type in the LDAP search string (filter) that you wish to apply. The filter defines a series of conditions that the LDAP search must fulfill in order to return the information you seek. The form of the typed search string (filter) is LDAP objects placed inside parentheses. For example, to find all users that have an E-Mail attribute (mail enabled), type (objectClass=user) (mail=*). If you are not familiar with LDAP search strings, use an Internet browser search to find examples.
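
As an added example (not part of the Xerox manual or the device's software), the Python sketch below checks a search string for balanced parentheses and well-formed attribute=value conditions before it is typed into a filter box. It goes beyond the manual's example by also accepting the RFC 4515 operator form such as (&(a=b)(c=d)); the names parse_filter, escape_value and FilterError are invented for this illustration, and the sample strings are constructed.

```python
import re

# Simplified RFC 4515 grammar; extensible-match (":=") filters are not handled.
_ATTR = re.compile(r"[A-Za-z][A-Za-z0-9-]*(?:;[A-Za-z0-9-]+)*|\d+(?:\.\d+)*")
_OP = re.compile(r"~=|>=|<=|=")
# A value is any run of characters other than ( ) \ NUL, or \XX hex escapes.
_VALUE = re.compile(r"(?:[^()\\\x00]|\\[0-9A-Fa-f]{2})*")


class FilterError(ValueError):
    """Raised when a filter string is not well formed."""


def _parse(s, i):
    """Parse one parenthesised filter at s[i]; return (node, next index)."""
    if i >= len(s) or s[i] != "(":
        raise FilterError(f"expected '(' at position {i}")
    i += 1
    if i < len(s) and s[i] in "&|!":
        op, i = s[i], i + 1
        children = []
        while i < len(s) and s[i] == "(":
            child, i = _parse(s, i)
            children.append(child)
        if not children or (op == "!" and len(children) != 1):
            raise FilterError(f"bad operand count for '{op}'")
        node = (op, children)
    else:
        attr = _ATTR.match(s, i)
        op = _OP.match(s, attr.end()) if attr else None
        if not op:
            raise FilterError(f"expected attribute=value at position {i}")
        value = _VALUE.match(s, op.end())
        node, i = (op.group(), attr.group(), value.group()), value.end()
    if i >= len(s) or s[i] != ")":
        raise FilterError(f"expected ')' at position {i}")
    return node, i + 1


def parse_filter(text):
    """Return the list of top-level conditions in a filter string.

    Conditions written side by side, as in the manual's example, come back
    as several list items; an operator form such as (&(a=b)(c=d)) is one item.
    """
    s, nodes, i = text.strip(), [], 0
    while i < len(s):
        node, i = _parse(s, i)
        nodes.append(node)
        while i < len(s) and s[i].isspace():
            i += 1
    if not nodes:
        raise FilterError("empty filter")
    return nodes


def escape_value(raw):
    """Escape a literal value so it cannot alter the filter's structure."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in raw)
```

A literal value that contains parentheses, an asterisk or a backslash (a group named "Admin (EU)", for instance) has to pass through escape_value first, otherwise the string no longer parses as the condition that was intended.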
Configuring Network Authentication (by a Remote Accounting server)

Network authentication uses the user information managed on a remote Accounting server to manage authentication (access) to available machine services.

Enable Network Authentication

To enable Network Authentication for use with this Device, at your networked workstation, perform the following steps:
1. Open your Web browser and enter the TCP/IP address of the machine in the Address or Location field. Press Enter.
2. Click the Properties tab.
3. Select the Security folder, then the Authentication Configuration hot link.
4. Select Login to Remote Accounts from the Login Type drop-down list, then Network Accounting from the Accounting Mode drop-down list.
5. Place a checkmark in the Enable box for each service that you wish to restrict access to. For explanations of each service, click the Help button.
6. Do not place a checkmark in the Non-account Print box if you wish to enable people without accounts to continue to print.
7. From the Verify User Details drop-down menu, select either Yes or No (keep logon records). The Yes selection will verify user information. When No (keep logon records) is selected, User ID and Account ID must be entered at the Device, but user information will not be checked. A logon record will be kept by the Device, however.
8. If a Guest User box is available and configurable, consider whether it is advisable in your network environment to allow simple password, guest access to this restricted service device. The default setting is Off.
9. If you wish to allow guest access, enter your guest password twice in the boxes provided.
10. Click Apply and enter the Administrator User name and password when prompted.
11. Click the Reboot Machine button, then OK, when prompted.
12. Refresh your web browser, then click on the User Details Setup link to set the Store User Details setting. Note that you can set either NVM or hard disk as the destination for saved authentication information. User Details Setup also allows you to configure the characteristics of the login prompt for User Authentication.