Employing the NTLM authentication

Overview

When you use Active Directory on Windows Server (an NT-compatible domain environment) for user management, you can restrict who may use this machine by authenticating users with NTLM.

Employing user authentication enables security- and cost-conscious advanced operations such as restricting users from accessing this machine, restricting the functions available to each user, and managing the usage status of this machine.

When employing the NTLM authentication function, follow the procedure below to configure the settings.

  1. Configure settings for connecting to the network such as setting of the IP address of this machine

    For details on configuring the setting, refer to [Configuring network environment settings].

  2. Configure basic settings for the NTLM authentication

    For details on configuring the setting, refer to [Configuring basic settings for the NTLM authentication].

  3. Set the following options according to your environment

    Purpose: Reference

    • Resolve the name using the WINS server: [Using the WINS server]

    • Use the NTLM authentication function in the IPv6 environment: [Using the direct hosting SMB service]

    • Send original data scanned by this machine easily to the login user's own address using E-mail (Scan to Me): [Sending to your address (Scan to Me)]

    • Notify the login user's own address of the URL of the original data scanned by this machine by E-mail (Scan to URL): [Sending the download URL to your address (Scan to URL)]

    • Construct a single sign-on environment for the SMB transmission: [Constructing a single sign-on environment for the SMB transmission]

    • Restrict available functions by user: [Restricting available functions by user or account]

    • Restrict the access to destinations by user: [Methods to limit access to destinations]

    • Change function keys displayed in the Touch Panel by user: [Changing the function key display pattern by user or account]

    • Specify the operations of the ID & Print function: [Specifying the operations of the ID & Print function]

    • Specify the operations of this machine when you log out: [Configuring common settings when using the authentication function]

    • Restrict print jobs without authentication information: [Restricting print jobs without authentication information]

    • Print data from the printer driver without using the password: [Printing without password (Quick authentication)]

Configuring basic settings for the NTLM authentication

Register your authentication server on this machine. In addition, change the authentication method of this machine so that authentication is performed using the registered authentication server.

  1. In the administrator mode, select [User Auth/Account Track] - [External Server Settings] - [Edit], then configure the following settings.

    Settings

    Description

    [External Server Name]

    Enter the name of your authentication server (using up to 32 characters).

    Assign an easy-to-understand name to the authentication server to be registered.

    [External Server Type]

    Select [NTLM v1] or [NTLM v2].

    [Default Domain Name]

    Enter the default domain name of your authentication server (using up to 64 characters). The default domain name cannot be prefixed by an asterisk (*).

  2. In the administrator mode, select [User Auth/Account Track] - [General Settings], then configure the following settings.

    Settings

    Description

    [User Authentication]

    When performing authentication using an external authentication server, select [ON (External Server)] or [ON (MFP + External Server)].

    If you want to be able to log in to this machine using its own authentication function in case a problem occurs on the external authentication server, select [ON (MFP + External Server)].

    [Overwrite User Info]

    When external server authentication is used, authenticated user information is also managed on this machine. If the number of users who have executed external server authentication reaches the maximum number of users this machine can manage, authentication of any new users will not be permitted. Select whether to allow registered user information to be overwritten in that case.

    If you select [Allow], the oldest authenticated user information is erased and the new user is registered.

    [Restrict] is specified by default.

    [Default Authentication Method]

    If you have selected [ON (MFP + External Server)] at [User Authentication], select the authentication method you use normally.

    [ON (External Server)] is specified by default.

    [When Number of Jobs Reach Maximum]

    Sets the maximum number of sheets that each user can print. Here, select an operation if the number of sheets exceeds the maximum number of sheets that can be printed.

    • [Skip Job]: Stops the job currently running, and starts printing the next job.

    • [Stop Job]: Stops all jobs.

    • [Delete Job]: Deletes the active job.

    [Skip Job] is specified by default.

    [Temporarily Save Authentication Information]

    To temporarily save authentication information in the main unit in case the external authentication server shuts down, select [Enable].

    [Disable] is specified by default.

    [Reconnection Settings]

    If necessary, change the time to reconnect to the authentication server.

    • [Reconnect for every login]: Connects to the authentication server at the time authentication is carried out on this machine. If the authentication server is in the shutdown state at the time authentication is carried out on this machine, first confirm that the authentication server is down, and use the temporarily saved authentication information to log in to this machine.

    • [Set Reconnect Interval]: Connects to the authentication server at the time specified in [Reconnection Time], and checks the status of the authentication server. If the authentication server is in the shutdown state, use the authentication information temporarily saved in the main unit to log in.

    [Set Reconnect Interval] is specified by default.

    [Expiration Date Settings]

    Select [Enable] to set an expiration date for the temporarily saved authentication information. If [Enable] is selected, enter the expiration date.

    [Disable] is specified by default.
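The following is an added example, not part of the original manual or any vendor tooling: a Python check of a planned settings sheet against the limits and options in the two tables above. The dictionary layout and sample values are assumptions; the keys reuse the setting labels, and the [NTLM v1] warning reflects that NTLMv2 is the stronger protocol version.

```python
# Added example (not vendor code). Keys reuse the setting labels from the
# tables above; the dict layout is an assumption, not a device export format.
LIMITS = {"External Server Name": 32, "Default Domain Name": 64}
AUTH_EXTERNAL = ("ON (External Server)", "ON (MFP + External Server)")


def review_settings(s):
    """Return (errors, warnings) for a dict of planned settings."""
    errors, warnings = [], []

    # Documented length limits for the registered server.
    for key, limit in LIMITS.items():
        if len(s.get(key, "")) > limit:
            errors.append(f"[{key}] exceeds {limit} characters")
    if s.get("Default Domain Name", "").startswith("*"):
        errors.append("[Default Domain Name] cannot be prefixed by an asterisk")

    server_type = s.get("External Server Type")
    if server_type not in ("NTLM v1", "NTLM v2"):
        errors.append("[External Server Type] must be [NTLM v1] or [NTLM v2]")
    elif server_type == "NTLM v1":
        # NTLMv1 is the older, weaker challenge-response; use v2 if the domain allows.
        warnings.append("[External Server Type] is [NTLM v1]; prefer [NTLM v2]")

    if s.get("User Authentication") not in AUTH_EXTERNAL:
        errors.append("[User Authentication] does not use the external server")

    # Cached credentials: both settings default to [Disable] on the page.
    cached = s.get("Temporarily Save Authentication Information", "Disable")
    expiry = s.get("Expiration Date Settings", "Disable")
    if cached == "Enable" and expiry != "Enable":
        warnings.append("temporarily saved authentication information has no expiration date")

    if s.get("Overwrite User Info", "Restrict") == "Allow":
        warnings.append("[Overwrite User Info] is [Allow]; oldest user record is erased when full")
    return errors, warnings


# Constructed sample values (hypothetical server and domain names).
PLANNED = {
    "External Server Name": "HQ-DC01",
    "External Server Type": "NTLM v1",
    "Default Domain Name": "EXAMPLE",
    "User Authentication": "ON (MFP + External Server)",
    "Temporarily Save Authentication Information": "Enable",
}
```

Calling `review_settings(PLANNED)` returns no errors and two warnings: one for [NTLM v1] and one for saved authentication information without an expiration date.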

Using the WINS server

If a WINS server is installed for name resolution, set the WINS server address and the name resolution method.

In the administrator mode, select [Network] - [SMB Setting] - [WINS/NetBIOS Settings], then configure the following settings.

Settings

Description

[WINS/NetBIOS]

Select [ON] to use the WINS server.

[ON] is specified by default.

[Auto Obtain Setting]

Select [Enable] to automatically obtain the WINS server address.

This item is necessary when DHCP is enabled.

[Enable] is specified by default.

[WINS Server Address1]/[WINS Server Address2]

Enter the WINS server address.

This item is necessary when you do not automatically obtain the WINS server address using DHCP.

Use the following entry format.

  • Example of entry: "192.168.1.1"

[Node Type Setting]

Select the name resolution method.

  • [B Node]: Query by broadcast

  • [P Node]: Query the WINS server

  • [M Node]: Query by broadcast, and then query the WINS server

  • [H Node]: Query the WINS server, and then query by broadcast

[H Node] is specified by default.

Using the direct hosting SMB service

Enabling the direct hosting SMB service allows you to specify the destination using the IP address (IPv4/IPv6) or host name.

In the administrator mode, select [Network] - [SMB Setting] - [Direct Hosting Setting], and then set [Direct Hosting Setting] to [ON]. You can use this function with the default settings unless otherwise requested.