Xerox WorkCentre 7345 User Manual

							189 Add the Secure Access to the Server
1. On the Windows 2000 desktop, from the Start menu, select Settings, then Printers.  On the Windows 
XP desktop, from Start, select Printers and Faxes.  The Vista path is Start\Control Panel\Printer(s).
2. On Windows 2000 or XP, click Add a Printer.
3. When the Add Printer Wizard screen displays, click Next.
4. Select Create a new port and choose Secure Access Port from the Type drop-down menu. (The 
Secure Access Port becomes available when it is installed, as above). Click Next.
5. When prompted, enter the IP address of the printer. 
6. Enter a name for the print queue (such as raw).  If you selected the Standard TCP/IP port, you can 
accept the default name provided by Windows.  Click Next.
7. You will be prompted for a print driver.  Select Have Disk and browse to the location of your print 
driver.
8. Select the .INF file, then click Open.
9. When the Install from Disk screen displays, verify that the path and file name are correct and click 
OK.
10. Select the model that corresponds to your printer and click Next.
11. Enter a name for your Printer and select either [Yes] or [No] for making this printer your default 
Windows printer.  Select Yes if you will be printing primarily to this printer from your Windows 
applications.  Click Next.
12. If the Printer Sharing Screen displays, select Do not share this printer, unless the Printer is directly 
connected to your workstation and you wish to Share it with other network users.  Click Next.
13. Select Yes to print a test page.  Click Next.
14. Click Finish.
Using Secure Access
1. Read the multifunction device’s User Interface prompt to determine what needs to be done to be 
authenticated at the device.  Authentication methods include swiping a card, placing a proximity card 
near the reader, or entering a user ID or PIN (personal identification number).
2. If the device requests further information such as accounting details, enter this information at the User 
Interface.
3. The device will confirm successful authentication allowing access to previously locked system 
features.
4. When finished using system features, press the [Clear All] button on the multifunction device’s keypad 
to close your account.
Downloaded From ManualsPrinter.com Manuals 
						

							190 Configure Color Copy Access for LDAP Group
Refer to your LDAP server documentation for the full range of information that can be entered into this 
LDAP dialog to fully support both e-mail applications and authentication using your LDAP server.
Set LDAP Server
To set the LDAP server:
1. Open your Web browser and enter the TCP/IP address of the machine in the Address or Location field. 
Press Enter.
2. Click the Properties tab, click the Connectivity folder, click the Protocols folder, then click the LDAP 
folder.
3. In the LDAP folder, click the LDAP Server link.
4. On the LDAP Directory page, in the Server Information area:
a. On the IP Address / Host Name & Port line, type the IP address (or host name).  
Note: If entering a fully qualified host name (for example, ldapserver.xerox.com), make sure that 
the specified domain name matches the device’s TCP/IP configuration (domain name shown 
under DNS on the device’s Configuration Report). 
b. Enter or verify the Port Number (default of 389).
c. If available, decide whether or not to use encryption (Authentication with SSL) when accessing 
the LDAP server.
d. In the LDAP Server drop-down list. click or verify Microsoft Active Directory.
5. In the Optional Information area:
a. In the Search Directory Root box, if desired, type the path to the LDAP objects to limit the LDAP 
search in the [Search Directory Root] area. The entry should be in base DN format (for instance, 
OU=People, DC=Xerox, DC=Com).
b. In the Login Name box, enter the machine’s Login Name and Password (if required) in the boxes 
provided. 
Note: Often, to simply supply address information for E-mail, no login is required.
c. In the Maximum Number of Search Results box, type the maximum number of addresses that 
will appear which match the search criteria selected by the user.
d. In the Search Time-Out area, either:
• Click Wait LDAP Server Limit.
• Click Wait and type the required time to wait for the Search Time-Out.  
e. To enable LDAP Referrals:
• On the LDAP Referrals line, click Enabled to have the server refer to additional LDAP 
servers when user information is initially unavailable.
• If using LDAP Referrals, enter the number of additional servers to check for user information 
(Hop Limit).
6. In the Search Name Order area, select the method that you would like LDAP to use to perform 
searches.
7. Click Apply
, then reboot the device at the prompt.
8. Continue with the next procedure to set LDAP Authentication.
Downloaded From ManualsPrinter.com Manuals 
						

							191 LDAP Authentication
To set LDAP authentication:
9. Click the Properties tab, click the Connectivity folder, click the Protocols folder, then click the LDAP 
folder.
10. In the LDAP folder, click the LDAP Authentication link.  
11. On the LDAP Authentication page, in the LDAP Authentication box:
a. On the Authentication Method line, either:
• Click Direct Authentication to set authentication with the LDAP server with the user name 
and password entered by the user, or  
• Click Authentication of User Attributes to set authentication with the LDAP server to the 
attributes listed on this dialog, such as samAccountName. 
b. On the Attribute of Typed User Name line, type “mail”.
c. On the Attribute of Login User Name line, type “samAccountName”.
d. Regarding text strings, unless you are very familiar with LDAP, do not add text strings to the User 
Name.
e. Click Apply, then reboot the device at the prompt.
12. Continue with the next procedure to set LDAP Group Access.
LDAP Group Access
To set LDAP Group Access:
13. Click the Properties tab, click the Connectivity folder, click the Protocols folder, then click the LDAP 
folder.
14. In the LDAP folder, click the LDAP Group Access link.
15. On the LDAP Group Access page:
16. In the Color Authorization area, on the Color Access Group line, type 
CN=Color,CN=Users,DC=crmttrinity,DC=lab
17. Click Apply, then reboot the device at the prompt.
18. Continue with the next procedure to set Authentication Configuration.
Authentication Configuration
To set Authentication Configuration:
19. Click the Properties tab, then click the Security folder.
20. In the Security folder, click the Authentication Configuration hot link.
The Properties tab refreshes and the Authentication Configuration > Step 1 of 2 page appears.
21. On the Authentication Configuration > Step 1 of 2 page, in the Authentication Configuration box:
a. In the Login Type drop-down list, click or verify Login to Remote Accounts.
b. On the 
Mailbox to PC / Server line, click or verify the Enabled check box.
c. On the Non-account Print line, ensure that the Enabled check box is NOT checked if you wish to 
enable people without accounts to continue to print.
d. On the Guest User line, in the drop-down list box, click or verify Off.
22. Click Apply, then reboot the device following the prompt.
23. Continue with the next procedure to set Authentication System
Downloaded From ManualsPrinter.com Manuals 
						

							192 Authentication System
To set Authentication System:
24. Click the Properties tab, click the Security folder, then click the Remote Authentication Servers 
folder.
25. In the the Remote Authentication Servers folder, click the Authentication System link.
26. On the Authentication System page, in the Authentication Type box:
a. In the Authentication System Settings drop-down list box, click or verify LDAP. 
b. Click Apply, then reboot the device at the prompt.
Configure Color Copy Access Control at the device
To configure the device:
1. Press the Log In / Out button on the device Control Panel.
2. Press the 1 key on the numeric keypad five consecutive times.  (This is the factory default 
password.). Touch Enter.
3. Press the Machine Status button on the Control Panel.
4. Touch the Tools tab.
5. Touch Authentication / Security Settings.
6. In the Group column, touch Authentication.
7. In the Features column, touch Access Control. 
8. On the Access Control screen, touch Feature Access.
9. On the Feature Access screen:
a. In the Items column, touch Color Copying. 
b. Touch the Change Settings button.
10. On the Color Copy screen, touch Locked, then touch Save.
11. Reboot the device.
12. On the All Services screen, touch the Copy icon, then the Color button.
The Login screen appears.
The device is configured for Color Copy Access for LDAP Group.
Downloaded From ManualsPrinter.com Manuals 
						

							193
802.1X Authentication
The multifunction device supports 802.1X authentication based on the Extensible Application Protocol 
(EAP).  802.1X can be enabled for devices connected through both wired and wireless Ethernet networks.  
As described here, the 802.1X configuration is used to authenticate the multifunction device, rather than 
individual users.  After the device has been authenticated, it will be accessible to users on the network.
The administrator can configure the machine to use one EAP type.  EAP types currently supported on the 
device are:
EAP-MD5
PEAPv0/EAP-MS-CHAPv2
EAP-MS-CHAPv2
Information Checklist
Create a user name and password on your authentication server which will be used to authenticate the 
Xerox device.
Ensure your 802.1Xx authentication server and authentication switch are available on the network.
Configure 802.1X with Internet Services
1. Open your Web browser and enter the TCP/IP address of the machine in the Address or Location field. 
Press Enter.
2. Click the Properties tab.
3. Select the Security folder.
4. Select the 802.1X link.
5. Select (place a checkmark in) the Enabled box.
6. Select the required Authentication Method.
7. Enter the User Name and Password required by your authentication switch and server.
8. Click Apply.
9. If prompted, enter the administrator user name and password.  The 11111 and x-admin.
Downloaded From ManualsPrinter.com Manuals 
						

							194
Security – Encryption
Encryption Service Overview
Note: You may have to purchase the Security Kit option to enable encryption with your Device.  If you 
cannot generate a self-signed certificate, or enable SSL/TLS Communication, as stated under 
Configuration of HTTP Communication Encryption, in this section, contact your Xerox Representative 
to purchase the option.
Types of Encryption Services Available
The communication data between the machine and computers on a network can be encrypted.
Encryption for the machine, as described in this section, is set up using Internet Services.  Internet 
Services are a series of Web (HTML) Pages located within the Device enabling network communication 
settings to be conveniently configured from a web browser running on a remotely located workstation.
For help with specific terminology as encryption is being set up on the machine, refer to the CentreWare 
Internet Services online help.
Note that the quickest and easiest, although not the most “trusted,” method to use to set up initial HTTP 
communication encryption is the generation of a self-signed certificate (as stated under Configuration of 
HTTP Communication Encryption, in this section).
Click the Machine Digital Certificate Management hot link in the Security folder on the Properties page 
of Internet Services.  Use this link to manage all the digital certificates, of various types, stored on the 
machine.
Encryption of HTTP Communications from a Client to the Machine (Server Certificate)
The SOAP port, Internet service (HTTP) port, IPP port, and WebDAV port use the HTTP server of the 
machine.
The SSL/TLS suite of protocols is used in the encryption of HTTP communications from a client to the 
machine.  A user of a client workstation accesses the machine’s HTTP server by typing https://, followed 
by the IP address of the machine, into the Address box of a web browser application.  The machine then 
offers the client a Digital Certificate, which the client accepts (after reviewing the validity of same).  Upon 
acceptance of the Digital Certificate, a Public Key exchange takes place, encryption algorithms are agreed 
upon between the two parties, and the client uses the server’s Public Key to communicate with the server 
using digitally signed and encrypted data.
Digital certificates imported from a Certificate Authority, or self-signed certificates created with CentreWare 
Internet Services, can be used as SSL/TLS certificates on the machine’s HTTP server.
Encryption of HTTP Communications from the Machine to a Remote Server (Client Certificate)
The SSL/TLS suite of protocols is used to encrypt HTTP communications with a remote server.
No client certificate is typically required for this activity. However, if a remote server is set to require an SSL 
client certificate, an SSL/TLS client certificate must be registered on the machine.
Digital certificates imported from a Certificate Authority can be used as SSL/TLS certificates on the 
machine’s HTTP server.
Note: When Remote Server Certificate Validation is enabled, under SSL/TLS Settings in Internet 
Services, the root certificate of the remote server must be registered to the machine (imported with 
Internet Services) to verify the Digital certificate of same.
Downloaded From ManualsPrinter.com Manuals 
						

							195 E-mail Encryption/Digital Signature
S/MIME certificates, imported from a Certificate Authority (in PKCS7 format), can be used on the 
machine’s HTTP server for E-mail Encryption.
Note: To import S/MIME certificates, use the Machine Digital Certificate Management hot link in the 
Security folder on the Properties Page of CentreWare Internet Services.
Encryption/Digital Signature of Scanned Files (PDF/XPS Documents)
While no digital signatures are required to encrypt PDF and XPS documents, these documents can be 
signed with imported PKCS12 Digital signatures.
When adding digital signatures to PDF or XPS documents, scan file certificates imported to the machine 
from a Certificate Authority, are typically used.
To import PKCS12 scan file certificates, use the Machine Digital Certificate Management hot link in the 
Security folder on the Properties Page of CentreWare Internet Services (accessed by entering the IP 
address of the multifunction device into the Address line of any web browser).
IP Sec (typically used to encrypt FTP) can be enabled from the Security file folder on the Properties page 
of Internet Services (the device’s web pages available by entering the IP of the device into a standard web 
browser).
802.1x can be enabled for devices connected through both wired and wireless Ethernet networks.  It is 
used to authenticate the multifunction device on the 802.1x network, rather than individual users..  802.1x 
can be enabled from the Security file folder on the Properties page of Internet Services (the device’s web 
pages available by entering the IP address of the device into a standard web browser).
Downloaded From ManualsPrinter.com Manuals 
						

							196
Configuration of HTTPS (SSL/TLS) Communication Encryption
Installation Overview
Configuration on the Machine
Two methods are available depending on the type of certificate.
- Create a self-signed certificate on the machine with Internet Services, and enable HTTPS.  This method 
is used primarily for Server certificates.
- Enable HTTPS, and import a signed certificate from a Certificate Authority, using the Machine Digital 
Certificate Management hot link in the Security folder on the Properties Page of CentreWare Internet 
Services.  
Note: To see this hot link, at least one certificate must have been created and stored on the machine.   
This is one of the purposes for creating a self-signed certificate.
Note: The Trusted Certificate Management folder does not appear under the Security folder until you 
enable HTTPS(SSL/TLS) Communication.
Configuration on a Computer
Use IP addresses beginning with https in web browser applications.
Downloaded From ManualsPrinter.com Manuals 
						

							197 Configuring certificates with CentreWare Internet Services
Two methods are available to configure certificates with CentreWare Internet Services: creating a self-
signed certificate (for SSL server), and importing a signed certificate from a Certificate Authority.
This section describes how to create a self-signed certificate (for SSL server).
Important
When performing SSL communication using a self-signed certificate created on the machine, or a 
certificate with which the character code is indicated by UTF-8, the following phenomena occur.
If Internet Explorer is used with Windows 98E or earlier, the issuer/issuing place of the certificate will 
not be displayed correctly.
SSL connection will not be made if Internet Explorer is used with Mac OS X 10.2 or later. This is 
because the operating system cannot recognize the character code (UTF-8) of the certificate. Use 
Netscape 7 in the above-mentioned OS environments.
For information on how to import created certificates, refer to the CentreWare Internet Services online 
help.
Important
When importing a certificate, if the same certificate has been already registered in [Local Device] or 
[Others], the certificate cannot be imported. Delete the registered certificate before importing.
1. Start a web browser.
2. Enter the machine’s IP address, beginning with “https,” into the Address box of your web browser, and 
press the Enter key.
Example:
https://192.168.1.1/
3. Click the Properties tab.
4. Click [+] on the Security folder to display the items in the folder.
5. Click on Machine Digital Certificate Management.
6. Generate a certificate.
a. Click the Create Self-Signed Certificate button.
b. Set the size of the Public Key as necessary.
c. Set Issuer as necessary.
d. Click the Apply button. When a screen to enter the user name and password appears, enter the 
System Administrator user ID and password into User Name and Password, and then click OK.
Note: The default user ID is 11111 and the default password is x-admin.
7. Refresh the web browser.
8. Click [+] on the left of the Security folder to display the items in the folder.
9. Click SSL/TLS Settings.
10. Select the Enable check box for SSL / TLS Server Communication.
11. Check the SSL / TLS Port Number.
Note: The correct port to use is 443.  Do not use the numbers of any other ports.
12. Apply the settings.
a. Click Apply.
b. The right frame on the web browser will change to the machine reboot display.
c. Click Reboot Machine. The machine will be unavailable for a short period of time.
Downloaded From ManualsPrinter.com Manuals 
						

							198 Configuration on a Computer
The following describes the configuration for a computer.
When encrypting communication between a web browser and the machine, enter an address beginning 
with https instead of http into the address column in the web browser.
Example of the IP address entry
https://192.168.1.1/
When encrypting IPP communications (Internet printing), enter an address beginning with https instead 
of http as the URL of a printer that is selected from [Add Printer].
Note: You will typically be presented with a Digital Certificate, which you need to accept in order to send 
encrypted files to the device.  Digital Certificates represent the Public Key of the device to which you are 
sending and must be accepted in order to allow the encryption process to take place.
No settings are needed to use the SOAP port and WebDAV port.
Downloaded From ManualsPrinter.com Manuals