AD_NDS_SMB userauthentication set-up_ver_1_10.doc
Setting-up Guide for bizhub C250/C351/C450/420/500/600/750
User Authentication in combination with:
Active Directory environment
NDS environment
SMB/NTLM environment
Konica Minolta bizhub C250 / C351 / C450 / 750 / 600 Setting-up of User authentication on Active Directory
  Preparation
  Check TCP/IP settings
  Configure User authentication (Active Directory)
Konica Minolta bizhub C250 / C351 / C450 / 750 / 600 Setting-up of User authentication on Novell NDS
  Configure User authentication (NDS)
Konica Minolta bizhub C250 / C351 / C450 / 750 / 600 Setting-up SMB/NTLM User authentication
  Configure User authentication (SMB/NTLM)
Appendix
  Where to find required Information
  Things which make your life easier
  Updates in this Document release
Konica Minolta bizhub C250 / C351 / C450 / 750 / 600 Setting-up of User authentication on Active Directory
This chapter describes the setting-up procedure for the User Authentication function in combination with an MS Windows server supporting Active Directory. It is mandatory that the C450 is connected to a TCP/IP network and that the correct TCP/IP settings are applied to it.
Preparation
Before setting up user authentication, please collect the following information. If you have difficulty finding the required information, please refer to the appendix "Where to find required Information":
MFP's Administrator password
MFP's IP address
Subnet Mask
Default gateway (optional)
Priority DNS Server address
Substitute 1 DNS Server address (optional)
Substitute 2 DNS Server address (optional)
MFP's DNS Host Name
MFP's DNS Domain Name
Default Domain Name
Valid user account and Password for function check
Check TCP/IP settings
a) Press the Utility key on the Operation panel
b) Select Administrator Setting
c) Enter the Administrator Password and touch the OK-button.
d) Select Network Setting
e) Select TCP/IP Settings
f) Ensure that the right TCP/IP configuration is applied and select the Forward button (FWD.)
g) Ensure that at least the Priority DNS Server IP address is set. If no DNS server address is set, User Authentication and LDAP search with GSS-SPNEGO authentication will not work. Select the Forward button (FWD.)
h) Enter the DNS Default Domain Name and select the Forward button (FWD.)
i) Enter the DNS Host Name and press OK
Configure User authentication (Active Directory)
a) Enter the Administrator Mode and select User Authentication / Account Track
b) Select General Settings
c) Select User Authentication ON (External Server)
d) Choose Active Directory
e) Select the field (button) 01 and touch Registration in order to register the name of the domain against which user authentication shall take place (up to 20 different domain names can be registered).
f) Enter the Domain Name and press OK
g) Leave the registration screen by touching OK
h) Leave the External Server Authentication screen by touching OK
i) Leave the general settings screen by touching OK
j) In order to activate User Authentication, this message has to be confirmed by touching the [Yes] button. Please be aware that this will clear all previously programmed accounting and authentication data.
k) Try to log in with a valid user account name and password. If you face any difficulties logging in, please re-check all settings and refer to the known issues in the appendix.
Konica Minolta bizhub C250 / C351 / C450 / 750 / 600 Setting-up of User authentication on Novell NDS
This chapter describes the setting-up procedure for the User Authentication function in combination with a Novell Netware Server Ver. 5 and later.
Preparation
Before setting up user authentication, please collect the following information. If you have difficulty finding the required information, please refer to the appendix "Where to find required Information":
MFP's Administrator password
Default NDS Tree Name
Default NDS Context Name
Valid user account name and Password for function check (admin credentials will not work, due to the Netware security setting)
Configure User authentication (NDS)
a) Press the Utility key on the Operation panel
b) Select Administrator Setting
c) Enter the Administrator Password and touch the OK-button.
d) Select User Authentication / Account Track
e) Select General Settings
f) Select User Authentication ON (External Server)
g) Choose NDS
h) Select Default NDS Tree Name
i) Input the default NDS tree name and touch the OK button
j) Select Default NDS context name
k) Input the default NDS context name and touch the OK button
l) Leave the administrator mode and switch the main device off and on
m) Try to log in with a valid user account and password. If you face any difficulties logging in, please re-check all settings and refer to the known issues in the appendix.
Konica Minolta bizhub C250 / C351 / C450 / 750 / 600 Setting-up SMB/NTLM User authentication
This chapter describes the setting-up procedure for the User Authentication function in combination with a Windows PC or a computer running the Samba service.
Preparation
Before setting up user authentication, please collect the following information. If you have difficulty finding the required information, please refer to the appendix "Where to find required Information":
MFP's Administrator password
Default Domain Name
Valid user account and Password for function check (admin credentials will not work, due to the Netware security setting)
Configure User authentication (SMB/NTLM)
b) Please ensure a basic TCP/IP configuration of the MFP. IP address and subnet mask must be programmed. All other TCP/IP settings are optional.
c) Press the Utility key on the Operation panel
e) Select Administrator Setting
f) Enter the Administrator Password and touch the OK-button.
g) Select User Authentication / Account Track
h) Select General Settings
i) Select User Authentication ON (External Server)
j) Choose [NTLM v1] for user authentication against a Samba server, or [NTLM v2] for user authentication against a Windows Server.
k) Select Default Domain Name
l) Input the default Domain Name by using capital characters and touch the OK button
m) Leave the administrator mode and switch off and on the main device
n) Try to log in with a valid user account and password. If you face any difficulties logging in, please re-check all settings and refer to the known issues in the appendix.
Appendix
Where to find required Information
Active Directory
MFP's Administrator password: Try the standard password or ask the Administrator.
MFP's IP address: Check TCP/IP settings of MFP or ask the Network Administrator.
Subnet Mask: Check TCP/IP settings of MFP or ask the Network Administrator.
Default gateway (optional): Check TCP/IP settings of MFP, check the TCP/IP setting of a nearby workstation by using ipconfig /all or ask the Network Administrator.
Priority DNS Server address: Check TCP/IP settings of MFP, check the TCP/IP setting of a nearby workstation by using ipconfig /all or ask the Network Administrator.
Substitute 1 DNS Server address (optional): Check TCP/IP settings of MFP, check the TCP/IP setting of a nearby workstation by using ipconfig /all or ask the Network Administrator.
Substitute 2 DNS Server address (optional): Check TCP/IP settings of MFP, check the TCP/IP setting of a nearby workstation by using ipconfig /all or ask the Network Administrator.
MFP's DNS Host Name: Check TCP/IP settings of MFP, use tracert ip_address_of_the_MFP and check the output information or ask the Network Administrator.
MFP's DNS Domain Name: Check TCP/IP settings of MFP, use tracert ip_address_of_the_MFP and check the output information or ask the Network Administrator.
Default Domain Name: Check TCP/IP settings of MFP, check the TCP/IP setting of a nearby workstation by using ipconfig /all or ask the Network Administrator.
Valid user account and Password for function check: Ask the Network Administrator.

NDS
MFP's Administrator password: Try the standard password or ask the Administrator.
Default Domain Name: Ask the network administrator.
Valid user account and Password for function check (admin credentials will not work, due to the Netware security setting): Ask the network administrator.

SMB/NTLM
MFP's Administrator password: Try the standard password or ask the Administrator.
Default Domain Name: Ask the network administrator.
Valid user account and Password for function check (admin credentials will not work, due to the Netware security setting): Ask the network administrator.
Things which make your life easier
User Authentication - Active Directory
The following network protocols are used during Active Directory user authentication. Please ensure that communication for the listed protocols/ports is not blocked by any firewall. If one or more of the listed protocols/ports are blocked, user authentication will fail. In the case of Windows 2003 Server, the Windows Firewall, which is enabled by default, blocks all of the listed protocols/ports by default. To allow the required communication, exceptions have to be configured.
During Active Directory user authentication, our devices try to synchronize their time settings by connecting to the NTP service running on the domain controller. Please be aware that the NTP setting in Administrator mode does not have any influence on the user authentication process. During user authentication the NTP service is required from the domain controller that is used for the user authentication process. If the connection cannot be established, authentication will fail. Please ensure that the W32TIME service, which provides the NTP service, is running. Whether the W32TIME service is running can easily be checked from the Windows command line with the command sc query w32time.
Protocol                                      Port
DNS (Domain Name Server)                      53 / UDP
Kerberos                                      88 / UDP, 88 / TCP
NTP (Network Time Protocol)                   123 / UDP
LDAP (Lightweight Directory Access Protocol)  389 / TCP
During user authentication the Kerberos protocol is involved. Usually Kerberos communication takes place over UDP port 88. In rare cases, if the Kerberos network packet becomes too big, the transport protocol changes from UDP to TCP. Our general firmware does not support Kerberos over TCP. The size of a Kerberos packet is influenced by the user account's group memberships. If the user account belongs to more than 25~30 groups, this issue may occur. For bizhub C250/C252/C300/C351/C352/C450 a special firmware that provides Kerberos over TCP support is available. For other models, please ask your technical support department. To identify this issue, please make a network trace and check the Kerberos packets for the error message [KRB Error: KRB5KRB_ERR_RESPONSE_TOO_BIG].
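The port table and the NTP requirement above can be checked from a workstation on the MFP's network segment before touching the panel. The following is an added example, not part of the original guide or of Konica Minolta's tooling; the function names and the host/domain arguments are hypothetical, and Kerberos 88/UDP is reported as not probed because it would need a real Kerberos request.

```python
import socket
import struct

# Protocols/ports from the guide's Active Directory table.
REQUIRED = [("DNS", 53, "udp"), ("Kerberos", 88, "udp"), ("Kerberos", 88, "tcp"),
            ("NTP", 123, "udp"), ("LDAP", 389, "tcp")]
NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

def sntp_request():
    """48-byte SNTP client request: LI=0, version 3, mode 3 (client)."""
    return bytes([0x1B]) + bytes(47)

def sntp_server_time(reply):
    """Server transmit time as Unix seconds, or None if the reply is not usable."""
    if len(reply) < 48 or reply[0] & 0x07 != 4:  # mode 4 = server
        return None
    seconds, fraction = struct.unpack("!II", reply[40:48])
    return None if seconds == 0 else seconds - NTP_EPOCH_OFFSET + fraction / 2**32

def dns_query(name, qtype=33):
    """Minimal DNS question (default type SRV, class IN) with a constructed ID."""
    header = struct.pack("!HHHHHH", 0x4D46, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def probe(host, port, transport, payload=b"", timeout=2.0):
    """True if a TCP connect succeeds, or if a UDP payload draws any reply."""
    kind = socket.SOCK_STREAM if transport == "tcp" else socket.SOCK_DGRAM
    with socket.socket(socket.AF_INET, kind) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            if transport == "tcp":
                return True
            s.send(payload)
            return len(s.recv(512)) > 0
        except OSError:  # timeout, refused, unreachable, name lookup failure
            return False

def check_dc(host, domain):
    """Probe each REQUIRED port on the domain controller; None = not probed."""
    payloads = {53: dns_query("_kerberos._udp." + domain), 123: sntp_request()}
    results = {}
    for name, port, transport in REQUIRED:
        label = f"{name} {port}/{transport}"
        if transport == "udp" and port not in payloads:
            results[label] = None  # 88/udp needs a real Kerberos request
        else:
            results[label] = probe(host, port, transport, payloads.get(port, b""))
    return results
```

Calling check_dc with the domain controller's address and the DNS domain name returns one entry per table row; a False for "NTP 123/udp" corresponds to the W32TIME or firewall failure described above.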
User Authentication - NDS
Due to the security settings of the Novell Netware server, Admin credentials cannot be used for user authentication.
User Authentication - SMB
The following network protocols are used during SMB (NTLM) user authentication. Please ensure that communication for the listed protocols/ports is not blocked by any firewall. If one or more of the listed protocols/ports are blocked, user authentication will fail. In the case of Windows 2003 Server, the Windows Firewall, which is enabled by default, blocks all of the listed protocols/ports by default. To allow the required communication, exceptions have to be configured.
Before Phase 3.0 firmware for bizhub C250/C252/C300/C351/C352/C450 and Phase 2.0 firmware for bizhub 420/500/600/750, SMB signing is not supported. This means that the default security settings of a Windows 2003 Domain Server will not allow our MFPs to carry out user authentication via SMB (NTLM) with earlier firmware versions. If you face any difficulties with SMB (NTLM) authentication, please ensure that the applicable system is running the latest firmware.
For bizhub 250/350 there will be no support for SMB signing. To get user authentication via SMB (NTLM) working, the following "Default Domain Controller Security Settings" must be changed:
From: "Microsoft network server: Digitally sign communications (always)" enabled
To: "Microsoft network server: Digitally sign communications (always)" disabled
At least SMB scanning or SMB printing must be enabled to use SMB user authentication.
Protocol                                      Port
NBSS (NETBIOS Session Service)                139 / UDP
Updates in this Document release
LCD screen pictures are updated to Color Phase 3.0 / Bizhub 420/500/600/750 Phase 2.0 firmware LCD screen pictures
NTP (Net time protocol) setup instruction has been removed. Time synchronisation is done automatically without further setting up. Please refer to KNOWN ISSUE - User Authentication - Active Directory
Samba server support mentioned in SMB/NTLM User Authentication section
KNOWN ISSUES has been updated