Configure settings so that authentication (without a password) based only on the user name is allowed when the printer driver is used for printing in an environment where user authentication is employed. This function is called the quick authentication.
When using the quick authentication, follow the below procedure to configure the settings.
Permit the quick authentication
For details on configuring the setting, refer to Here.
Register information of the LDAP server for confirming the user name (quick authentication server) in an environment where external server authentication is employed
For details on configuring the setting, refer to Here.
Set the following options according to your environment
Purpose | Reference |
---|---|
Communicate with the LDAP server using SSL |
Permit the quick authentication. By this, you can print data from the printer driver only based on user name authentication (without a password) in an environment where MFP authentication is employed.
In the administrator mode, select [User Auth/Account Track] - [Simple Authentication Setting] - [Simple Authentication Setting], and then set [Simple Authentication Setting] to [Allow] (default: [Restrict]).
To permit the quick authentication, the login user name for this machine for MFP authentication, external server authentication, and enhanced server authentication must match the Windows login ID.
You must inquire the LDAP server about the user name to obtain permission to access this machine in an environment where external server authentication is employed. This LDAP server is called the quick authentication server.
In the administrator mode, select [User Auth/Account Track] - [Simple Authentication setting] - [Register Simple Authentication Server], then click [Edit].
Click [Edit] in [1st Server], then configure the following settings.
Settings | Description |
---|---|
[Simple Authentication Server Name] | Enter the name of your authentication server group (using up to 32 characters). Assign a name that helps you easily identify the authentication server group. |
[External Authentication Server] | Select the external authentication server group used to associate the quick authentication. When quick authentication succeeds, user authentication information is registered on the machine to manage users on the machine. This authentication information includes the user name and external authentication server name. The external authentication server name selected here is registered on the machine together with the user name. [No Selection] is specified by default. |
[Server Address] | Enter the LDAP server address. Use one of the following formats.
|
[Port No.] | If necessary, change the LDAP server port number. In normal circumstances, you can use the original port number. [389] is specified by default. |
[Search Base 1] to [Search Base 3] | Specify the starting point and range to search for a user to be authenticated.
|
[Timeout] | If necessary, change the time-out time to limit a communication with the LDAP server. [60] sec. is specified by default. |
[General Settings] | Select the authentication method to log in to the LDAP server. Select one appropriate for the authentication method used for your LDAP server.
[Simple] is specified by default. |
[Login Name] | Log in to the LDAP server, and enter the user name to search for a user (using up to 64 characters). In this step, enter the user (name) that belongs to a specific administrator group on the LDAP server. |
[Password] | Enter the password of the user you entered into [Login Name] (using up to 64 characters, excluding "). To enter (change) the password, select the [Password is changed.] check box, then enter a new password. |
[Domain Name] | Enter the domain name to log in to the LDAP server (using up to 64 characters). If [GSS-SPNEGO] is selected for [General Settings], enter the domain name of Active Directory. |
[Use Referral] | Select whether to use the referral function, if necessary. Make an appropriate choice to fit the LDAP server environment. [ON] is specified by default. |
[Search Attribute] | Enter the search attribute to be used for search of user using the LDAP server (using up to 64 characters, including a symbol mark -). The attribute must start with an alphabet character. [uid] is specified by default. |
[Search Directory Service] | If you select [Active Directory], you can limit a search target for authentication to users. However, when a search target for authentication is limited to users, search target identification processing occurs on the server side, so the authentication time may be delayed. This function is available when the authentication server is set to Active Directory (Windows Server 2008 or later). [Other] is specified by default. |
Click [Edit] in [2nd Server] as needed, then configure the following settings.
Settings | Description |
---|---|
[2nd Server Setting] | Select whether to use the secondary server. If you group two servers, you can switch to another server to perform authentication when a server shuts down. [OFF] is specified by default. |
[Round Robin function] | Select whether to alternately connect to the primary and secondary servers. If you select [Enable], you can alternately connect the primary and secondary servers to distribute the server load. [Disable] is specified by default. |
[Reconnection Settings] | Configure a setting to connect to the secondary server when the machine cannot be connected to the primary server. When the round-robin function is enabled, this setting can also be used to connect to the primary server when the machine cannot be connected to the secondary server.
[Set Reconnect Interval] is specified by default. |
Secondary Server Information | Specify the required information. For details on settings, refer to step 2. |
To check the status of the connection of the primary authentication server and the secondary authentication server, select [User Auth/Account Track] - [Authentication Server Connection status] - [Simple Auth.] in the administrator mode. If [Connection Enabled] is displayed, you can connect to both the primary and secondary authentication servers.
Communication between this machine and the LDAP server is encrypted with SSL.
Configure the setting if your environment requires SSL encryption communication with the LDAP server.
In the administrator mode, select [User Auth/Account Track] - [Simple Authentication Setting] - [Register Simple Authentication Server] - [Edit], then configure the following settings.
Settings | Description | |
---|---|---|
[Enable SSL] | Select this check box to use SSL communication. [OFF] (not selected) is specified by default. | |
[Port No.(SSL)] | If necessary, change the SSL communication port number. In normal circumstances, you can use the original port number. [636] is specified by default. | |
[Certificate Verification Level Settings] | To verify the certificate, select items to be verified. If you select [Confirm] at each item, the certificate is verified for each item. | |
[Expiration Date] | Confirm whether the certificate is still valid. [Confirm] is specified by default. | |
[CN] | Confirm whether CN (Common Name) of the certificate matches the server address. [Do Not Confirm] is specified by default. | |
[Key Usage] | Confirm whether the certificate is used according to the intended purpose approved by the certificate issuer. [Do Not Confirm] is specified by default. | |
[Chain] | Confirm whether there is a problem in the certificate chain (certificate path). The chain is validated by referencing the external certificates managed on this machine. [Do Not Confirm] is specified by default. | |
[Expiration Date Confirmation] | Confirm whether the certificate has expired. Confirm for expiration of the certificate in the following order.
[Do Not Confirm] is specified by default. |