Printing without a password (Quick Authentication for Printing)
Overview
Configure settings so that authentication (without a password) based only on the user name is allowed when the printer driver is used for printing in an environment where user authentication is employed. This function is called the Quick Authentication for Printing function.
When using the Quick Authentication for Printing function, follow the below procedure to configure the settings.
Permit the Quick Authentication for Printing function
For details on configuring the setting, refer to Here.
Register information of the LDAP server for confirming the user name (quick authentication for printing server) in an environment where external server authentication is employed
For details on configuring the setting, refer to Here.
Set the following options according to your environment
Purpose
Reference
Communicate with the LDAP server using SSL
Provide against shutdown of the quick authentication for printing server
Permit the Quick Authentication for Printing function
Allow the Quick Authentication for Printing function. By this, you can print data from the printer driver only based on user name authentication (without a password) in an environment where MFP authentication is employed.
In the administrator mode, select [User Auth/Account Track] - [Simple Print Authentication Setting] - [Simple Print Authentication Setting], and then set [Simple Print Authentication Setting] to [Allow] (Default: [Restrict]).
Registering the quick authentication for printing server
You must inquire the LDAP server about the user name to obtain permission to access this machine in an environment where external server authentication is employed. This LDAP server is called the quick authentication for printing server.
In the administrator mode, select [User Auth/Account Track] - [Simple Print Authentication Setting] - [Register Simple Print Authentication Server] - [Edit], then register information of the quick authentication for printing server.
Settings | Description |
|---|---|
[Server Address] | Enter the LDAP server address. Use one of the following formats.
|
[Port No.] | If necessary, change the LDAP server port number. In normal circumstances, you can use the original port number. [389] is specified by default. |
[Search Base] | Specify the starting point to search for a user to be authenticated (using up to 255 characters). The range from the entered origin point, including the following tree structure, is searched. Example of entry: "cn=users,dc=example,dc=com" |
[Timeout] | If necessary, change the time-out time to limit a communication with the LDAP server. [60] sec. is specified by default. |
[General Settings] | Select the authentication method to log in to the LDAP server. Select one appropriate for the authentication method used for your LDAP server.
[Simple] is specified by default. |
[Login Name] | Log in to the LDAP server, and enter the login name to search for a user (using up to 64 characters). |
[Password] | Enter the password of the user name you entered into [Login Name] (using up to 64 characters, excluding "). To enter (change) the password, select the [Password is changed.] check box, then enter a new password. |
[Domain Name] | Enter the domain name to log in to the LDAP server (using up to 64 characters). If [GSS-SPNEGO] is selected for [General Settings], enter the domain name of Active Directory. |
[Use Referral] | Select whether to use the referral function, if necessary. Make an appropriate choice to fit the LDAP server environment. [ON] is specified by default. |
[Search Attribute] | Enter the search attribute to be used for search of user using the LDAP server (using up to 64 characters, including a symbol mark -). The attribute must start with an alphabet character. [uid] is specified by default. |
[External Server Connection] | Select the external server name to be used as a part of user information when authentication using the quick authentication for printing server is successfully completed from the external servers registered on this machine. The external server selected here is used for the following purpose.
[No Selection] is specified by default. |
Using SSL communication
Communication between this machine and the LDAP server is encrypted with SSL.
Configure the setting if your environment requires SSL encryption communication with the LDAP server.
In the administrator mode, select [User Auth/Account Track] - [Simple Print Authentication Setting] - [Register Simple Print Authentication Server] - [Edit], then configure the following settings.
Settings | Description | |
|---|---|---|
[Enable SSL] | Select this check box to use SSL communication. [OFF] (not selected) is specified by default. | |
[Port No.(SSL)] | If necessary, change the SSL communication port number. In normal circumstances, you can use the original port number. [636] is specified by default. | |
[Certificate Verification Level Settings] | To verify the certificate, select items to be verified. If you select [Confirm] at each item, the certificate is verified for each item. | |
[Expiration Date] | Confirm whether the certificate is still valid. [Confirm] is specified by default. | |
[CN] | Confirm whether CN (Common Name) of the certificate matches the server address. [Do Not Confirm] is specified by default. | |
[Key Usage] | Confirm whether the certificate is used according to the intended purpose approved by the certificate issuer. [Do Not Confirm] is specified by default. | |
[Chain] | Confirm whether there is a problem in the certificate chain (certificate path). The chain is validated by referencing the external certificates managed on this machine. [Do Not Confirm] is specified by default. | |
[Expiration Date Confirmation] | Confirm whether the certificate has expired. Confirm for expiration of the certificate in the following order.
[Do Not Confirm] is specified by default. | |
Setting a secondary authentication server against shutdown of the quick authentication for printing server
When you are using the quick authentication for printing server, you can set a secondary authentication server to prepare for a case in which the primary authentication server has shut down.
Setting a secondary authentication server automatically changes to the secondary authentication server even if the primary authentication server used for normal operations has shut down, thereby, enabling the quick authentication for printing to be continued.
In the administrator mode, select [User Auth/Account Track] - [Simple Print Authentication Setting] - [Secondary Authentication Server Settings], then configure the following settings.
Settings
Description
[Secondary Authentication Server Settings]
Select [ON] to use the secondary authentication server.
[OFF] is specified by default.
[Reconnection Settings]
Specify the timing at which to reconnect to the primary authentication server.
[Set Reconnect Interval] is specified by default.
[Reconnect for every login]: Connects to the primary authentication server each time authentication is carried out on this machine. If the primary authentication server is shutting down, this machine is connected to the secondary authentication server.
[Set Reconnect Interval]: Connects to the secondary authentication server when the primary authentication server is shutting down when machine authentication is occurring. After this, this machine is connected to the secondary authentication server when machine authentication is occurring until the time specified in [Reconnection Time] lapses. After the time specified in [Reconnection Time] has lapsed, this machine is reconnected to the primary authentication server when machine authentication is occurring.
In the administrator mode, select [User Auth/Account Track] - [Simple Print Authentication Setting] - [Register Secondary Authentication Server], then click [Edit] to configure the following settings.
Settings
Description
[Server Address]
Enter the LDAP server address.
Use one of the following formats.
Example of host name entry: "host.example.com"
Example of IP address (IPv4) entry: "192.168.1.1"
Example of IP address (IPv6) entry: "fe80::220:6bff:fe10:2f16"
[Port No.]
If necessary, change the LDAP server port number.
In normal circumstances, you can use the original port number.
[389] is specified by default.
[Search Base]
Specify the starting point to search for a user to be authenticated (using up to 255 characters).
The range from the entered origin point, including the following tree structure, is searched.
Example of entry: "cn=users,dc=example,dc=com"
[Timeout]
If necessary, change the time-out time to limit a communication with the LDAP server.
[60] sec. is specified by default.
[General Settings]
Select the authentication method to log in to the LDAP server.
Select one appropriate for the authentication method used for your LDAP server.
[Simple]
[Digest-MD5]
[GSS-SPNEGO]
[NTLM v1]
[NTLM v2]
[Simple] is specified by default.
[Login Name]
Log in to the LDAP server, and enter the login name to search for a user (using up to 64 characters).
[Password]
Enter the password of the user name you entered into [Login Name] (using up to 64 characters, excluding ").
To enter (change) the password, select the [Password is changed.] check box, then enter a new password.
[Domain Name]
Enter the domain name to log in to the LDAP server (using up to 64 characters).
If [GSS-SPNEGO] is selected for [General Settings], enter the domain name of Active Directory.
[Use Referral]
Select whether to use the referral function, if necessary.
Make an appropriate choice to fit the LDAP server environment.
[ON] is specified by default.
[Search Attribute]
Enter the search attribute to be used for search of user using the LDAP server (using up to 64 characters, including a symbol mark -).
The attribute must start with an alphabet character.
[uid] is specified by default.
If a communication with the LDAP server is encrypted using SSL, select [User Auth/Account Track] - [Simple Print Authentication Setting] - [Register Secondary Authentication Server] in the administrator mode, then click [Edit] to configure the following settings.
Settings
Description
[Enable SSL]
Select this check box to use SSL communication.
[OFF] (not selected) is specified by default.
[Port No.(SSL)]
If necessary, change the SSL communication port number.
In normal circumstances, you can use the original port number.
[636] is specified by default.
[Certificate Verification Level Settings]
To verify the certificate, select items to be verified.
If you select [Confirm] at each item, the certificate is verified for each item.
[Validity Period]
Confirm whether the certificate is still valid.
[Confirm] is specified by default.
[CN]
Confirm whether CN (Common Name) of the certificate matches the server address.
[Do Not Confirm] is specified by default.
[Key Usage]
Confirm whether the certificate is used according to the intended purpose approved by the certificate issuer.
[Do Not Confirm] is specified by default.
[Chain]
Confirm whether there is a problem in the certificate chain (certificate path).
The chain is validated by referencing the external certificates managed on this machine.
[Do Not Confirm] is specified by default.
[Expiration Date Confirmation]
Confirm whether the certificate has expired.
Confirm for expiration of the certificate in the following order.
OCSP (Online Certificate Status Protocol) service
CRL (Certificate Revocation List)
[Do Not Confirm] is specified by default.
To check the status of the connection of the primary authentication server and the secondary authentication server, select [User Auth/Account Track] - [Primary/Secondary Server Connection Status] - [Print Simple Auth.] in the administrator mode. If [Connection Enabled] is displayed, you can connect to both the primary and secondary authentication servers.