AD NDS SMB User Authentication

Setting-up Guide for bizhub C250/C351/C450/420/500/600/750 User Authentication
In combination with
Active Directory environment NDS environment SMB /NTLM environment
Page 1 of 25
AD_NDS_SMB userauthentication set-up_ver_1_10.doc
Page 2 of 25
KONICA MINOLTA BIZHUB C250 / C351 / C450 / 750 / 600 SETTING-UP OF USER AUTHENTICATION ON ACTIVE DIRECTORY........................................................................................... 4 PREPARATION ...................................................................................................................................................... 4 CHECK TCP/IP SETTINGS ..................................................................................................................................... 4 CONFIGURE USER AUTHENTICATION (ACTIVE DIRECTORY) ................................................................................ 7 KONICA MINOLTA BIZHUB C250 / C351 / C450 / 750 / 600 SETTING-UP OF USER AUTHENTICATION ON NOVELL NDS........................................................................................................ 12 CONFIGURE USER AUTHENTICATION (NDS) ...................................................................................................... 12 KONICA MINOLTA BIZHUB C250 / C351 / C450 / 750 / 600 SETTING-UP SMB/NTLM USER AUTHENTICATION ......................................................................................................................................... 17 CONFIGURE USER AUTHENTICATION (SMB/NTLM) ......................................................................................... 17 APPENDIX .......................................................................................................................................................... 22 WHERE TO FIND REQUIRED INFORMATION ......................................................................................................... 22 THINKS WHICH MAKES YOUR LIFE EASIER .......................................................................................................... 23 UPDATES IN THIS DOCUMENT RELEASE.............................................................................................................. 25
Page 3 of 25
Konica Minolta bizhub C250 / C351 / C450 / 750 / 600 Setting-up of User authentication on Active Directory
This chapter described the setting-up procedure for User Authentication function in combination with a MS Windows server supporting Active Directory. Its mandatory that the C450 is connected to a TCP/IP network and the correct TCP/IP settings are applied to it. Preparation Before setting up user authentication, please collect following information. If you have difficulties to find the required information, please refer to the appendix Where to find required Information: MFPs Administrator password MFPs IP address Subnet Mask Default gateway (optional) Priority DNS Server address Substitute 1 DNS Server address (optional) Substitute 2 DNS Server address (optional) MFPs DNS Host Name MFPs DNS Domain Name Default Domain Name Valid user account and Password for function check
Check TCP/IP settings a) Press the Utility key on the Operation panel
Page 4 of 25
b) Select Administrator Setting
c) Enter the Administrator Password and touch the OK-button.
d)
Select Network Setting
Page 5 of 25
e) Select TCP/IP Settings
f)
Ensure that the right TCP/IP configuration is applied and select the Forward button (FWD.
g) Ensure that at least the Priority DNS Server IP address is set. If no DNS server address is set, User Authentication and LDAP search with GSS-SPNEGO authentication will not work. Select the Forward button (FWD. )
Page 6 of 25
h) Enter the DNS Default Domain Name and select the Forward button (FWD.
).
i)
Enter the DNS Host Name and press OK
Configure User authentication (Active Directory) a) Enter the Administrator Mode and select User Authentication / Account Track
Page 7 of 25
b) Select General Settings
c) Select User Authentication ON (External Server)
d) Choose Active Directory
Page 8 of 25
e)
Select the field (button) 01 and touch Registration in order to register the domain name of the domain against the user authentication shall take place.( up to 20 domain different domain names can be registered).
f) Enter the Domain Name and press OK
g) Leave the registration screen by touching OK
Page 9 of 25
h) Leave the External Server Authentication screen by touching OK
i) Leave the general settings screen by touching OK
j) In order to activate User Authentication this message has to be confirmed by touching the [Yes] button. Please be aware that this will clear all previous programmed accounting and Authentication data.
Page 10 of 25
k) Try to login with a valid user account name and password. If you face any difficulties to login, please re-check all settings and refer to the appendix known issues.
Page 11 of 25
Konica Minolta bizhub C250 / C351 / C450 / 750 / 600 Setting-up of User authentication on Novell NDS This chapter described the setting-up procedure for User Authentication function in combination with a Novell Netware Server Ver. 5 and later. Preparation Before setting up user authentication, please collect following information. If you have difficulties to find the required information, please refer to the appendix Where to find required Information: MFPs Administrator password Default NDS Tree Name Default NDS Context Name Valid user account name and Password for function check (admin credential will not work, due to Netware security setting)
Configure User authentication (NDS) a) Press the Utility key on the Operation panel
Page 12 of 25
b) Select Administrator Setting
c) Enter the Administrator Password and touch the OK-button.
d) select User Authentication / Account Track
Page 13 of 25
e) Select General Settings
f)
Select User Authentication ON (External Server)
g) Choose NDS
Page 14 of 25
h) Select Default NDS Tree Name
i)
Input the default NDS tree name and touch the OK button
j)
Select Default NDS context name
Page 15 of 25
k) Input the default NDS context name and touch the OK button
l)
Leave the administrator mode and switch off and on the main device
l)
Try to login with a valid user account and password. If you face any difficulties to login, please re-check all settings and refer to the appendix known issues.
Page 16 of 25
Konica Minolta bizhub C250 / C351 / C450 / 750 / 600 Setting-up SMB/NTLM User authentication This chapter described the setting-up procedure for User Authentication function in combination with a Windows PC or a Computer running Samba service. Preparation Before setting up user authentication, please collect following information. If you have difficulties to find the required information, please refer to the appendix Where to find required Information: MFPs Administrator password Default Domain Name Valid user account and Password for function check (admin credential will not work, due to Netware security setting)
Configure User authentication (SMB/NTLM) b) Please ensure a basic TCP/IP configuration of the MFP. IP-address and subnet mask must be programmed. All other TCP/IP settings are optional. c) Press the Utility key on the Operation panel
Page 17 of 25
e) Select Administrator Setting
f)
Enter the Administrator Password and touch the OK-button.
g) select User Authentication / Account Track
Page 18 of 25
h) Select General Settings
i)
Select User Authentication ON (External Server)
j)
Choose [NTLM v1] for user authentication against a SAMBA server, or [NTML v2] for user authentication against a Windows Server.
OR
Page 19 of 25
k) Select Default Domain Name
l)
Input the default Domain Name by using capital characters and touch the OK button
m) Leave the administrator mode and switch off and on the main device
Page 20 of 25
n) Try to login with a valid user account and password. If you face any difficulties to login, please re-check all settings and refer to the appendix known issues.
Page 21 of 25
Appendix
Where to find required Information
Active directory
MFPs Administrator password MFPs IP address Subnet Mask Default gateway (optional) Try the standard Password or ask the Administrator. Check TCP/IP settings of MFP or ask the Network Administrator Check TCP/IP settings of MFP or ask the Network Administrator Check TCP/IP settings of MFP, check the TCP/IP setting of a nearby workstation by using ipconfig /all or ask the Network Administrator Check TCP/IP settings of MFP, check the TCP/IP setting of a nearby workstation by using ipconfig /all or ask the Network Administrator Check TCP/IP settings of MFP, check the TCP/IP setting of a nearby workstation by using ipconfig /all or ask the Network Administrator Check TCP/IP settings of MFP, check the TCP/IP setting of a nearby workstation by using ipconfig /all or ask the Network Administrator Check TCP/IP settings of MFP, use tracer ip_address_of_the_MFP and check the output information or ask the Network Administrator Check TCP/IP settings of MFP, use tracer ip_address_of_the_MFP and check the output information or ask the Network Administrator Check TCP/IP settings of MFP, check the TCP/IP setting of a nearby workstation by using ipconfig /all or ask the Network Administrator Ask the Network Administrator
Priority DNS Server address
Substitute 1 DNS Server address (optional)
Substitute 2 DNS Server address (optional)
MFPs DNS Host Name
MFPs DNS Domain Name
Default Domain Name Valid user account and Password for function check
NDS
MFPs Administrator password Default Domain Name Valid user account and Password for function check (admin credential will not work, due to Netware security setting) Try the standard Password or ask the Administrator. Ask the network administrator. Ask the network administrator.
SMB/NTLM
MFPs Administrator password Default Domain Name Valid user account and Password for function check (admin credential will not work, due to Netware security setting) Try the standard Password or ask the Administrator. Ask the network administrator. Ask the network administrator.
Page 22 of 25
Things which makes your life easier
User Authentication - Active Directory Following Network protocols are used during user authentication Active Directory. Please ensure that the communication, for the listed protocols/ports, is not blocked by any firewall. If one ore more of the listed protocols/ports are blocked, user authentication will fail. In case of Windows 2003 Server, the Windows Firewall, which is enabled by default, is blocking all of the listed protocols/ports by default. To allow required communication, exceptions have to be configured. Protocol DNS (Domain Name Server) Port 53 / UDP UDP TCP UDP TCP
88 / Kerberos 88 / NTP (Network Time Protocol) 123 / LDAP (Lightweight Directory Access Protocol) 389 /
During Active Directory user authentication, our devices are trying to synchronize the time settings by connecting to the NTP service running on the Domain controller. Please be aware, NPT setting in Administrator mode do not have any influence to user authentication process. During User authentication the NTP service is required from the domain controller, which will be used for the user authentication process. In case that the connection can not be established, authentication will fail. Please ensure that the W32TIME service, which provides the NTP service, is running. If the W32TIME service is running can easily be checked from Windows command line, by the command sc query w32time.
Page 23 of 25
During User Authentication the Kerberos protocol is involved. Usually Kerberos communication will take place over UDP port 88. In seldom cases, if the Kerberos network package becomes too big, transport protocol changes from UDP to TCP. Our general firmware does not support the Kerberos over TCP transport protocol. The size of a Kerberos package is influenced by the User accounts group memberships. If the user account belong to more than 25~30 groups, this issue may occur. For bizhub C250/C252/C300/C351/C352/C450 a special firmware, to provide Kerberos over TCP protocol support, is available. For other models, please ask your technical support department. To identify this issue, please make a network trace and check the Kerberos packages for the error message [KRB Error: KRB5KRB_ERR_RESPONSE_TOO_BIG].
User Authentication - NDS Due to security setting of the Novell Netware server, Admin credential can not be used for user authentication.
User Authentication - SMB Following Network protocols are used during user authentication SMB (NTML). Please ensure that the communication, for the listed protocols/ports, is not blocked by any firewall. If one ore more of the listed protocols/ports are blocked, user authentication will fail. In case of Windows 2003 Server, the Windows Firewall, which is enabled by default, is blocking all of the listed protocols/ports by default. To allow required communication, exceptions have to be configured. Protocol NBSS (NETBIOS Session Service) Port 139 / UDP
Before Phase 3.0 firmware for bizhub C250/C252/C300/C351/C352/C450 and Phase 2.0 firmware for bizhub 420/500/600/750 SMB signing is not supported. This means that the default security settings of a Windows 2003 Domain Server will not allow our MFPs to carry out User authentication via SMB (NTML) with earlier firmware version. If you face any difficulties with SMB (NTML) authentication, please ensure that the applicable system is running with the latest firmware. For bizhub 250/350 there will be no support for SMB signing. To get user authentication, via SMB (NTML), working following "Default Domain Controller Security Settings" must be changes: From "Microsoft network server: Digitally sign communications (always)" enabled To "Microsoft network server: Digitally sign communications (always)" disabled
At least SMB Scanning or SMB printing must be enabled to use SMB user Authentication.
Page 24 of 25
Updates in this Document release LCD screen pictures are updated to Color Phase 3.0 / Bizhub 420/500/600/750 Phase 2.0 firmware LCD screen pictures NTP (Net time protocol) setup instruction has been removed. Time synchronisation is done automatically without further setting up. Please refer to KNOWN ISSUE - User Authentication - Active Directory Samba server support mentioned in SMB/NTLM User Authentication section KNOWN ISSUES has been updated
Page 25 of 25

AD NDS SMB User Authentication

Uploaded by

Copyright:

Available Formats

AD NDS SMB User Authentication

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

AD NDS SMB User Authentication

Uploaded by

Copyright:

Available Formats

Setting-up Guide for bizhub C250/C351/C450/420/500/600/750 User Authentication

Active Directory environment NDS environment SMB /NTLM environment

b) Select Administrator Setting

c) Enter the Administrator Password and touch the OK-button.

Select Network Setting

e) Select TCP/IP Settings

Enter the DNS Host Name and press OK

b) Select General Settings

c) Select User Authentication ON (External Server)

d) Choose Active Directory

f) Enter the Domain Name and press OK

g) Leave the registration screen by touching OK

h) Leave the External Server Authentication screen by touching OK

i) Leave the general settings screen by touching OK

b) Select Administrator Setting

c) Enter the Administrator Password and touch the OK-button.

d) select User Authentication / Account Track

e) Select General Settings

Select User Authentication ON (External Server)

h) Select Default NDS Tree Name

Select Default NDS context name

e) Select Administrator Setting

Enter the Administrator Password and touch the OK-button.

g) select User Authentication / Account Track

h) Select General Settings

Select User Authentication ON (External Server)

k) Select Default Domain Name

Where to find required Information

Priority DNS Server address

Substitute 1 DNS Server address (optional)

Substitute 2 DNS Server address (optional)

MFPs DNS Host Name

MFPs DNS Domain Name

Things which makes your life easier

You might also like