HomeWeb Management ToolPrinting with authentication by user name only (quick authentication)

Printing with authentication by user name only (quick authentication)

Setting flow

When quick authentication is allowed while user authentication is enabled, you can print with authentication by user name only (without a password) when making prints using the printer driver.

When using the quick authentication, follow the below procedure to configure the settings.

  1. Permitting quick authentication (Here)

  2. Configuring settings to suit your environment

    • Registering the quick authentication server (Here)

    • Establishing SSL communication (Here)

Permitting quick authentication

Specify whether to allow quick authentication.

Select [User Auth/Account Track] - [Simple Authentication setting] - [Simple Authentication setting] in administrator mode of Web Connection (or in [Utility] - [Administrator] of this machine), and configure the following settings.

Function

Description

[Simple Authentication setting]

When allowing the quick authentication, set this option to ON (default: OFF).

  • To permit the quick authentication, the login user name for this machine for MFP authentication, external server authentication, and enhanced server authentication must match the Windows login ID.

Registering the quick authentication server

You must inquire the LDAP server about the user name to obtain permission to access this machine in an environment where external server authentication is employed. This LDAP server is called the quick authentication server.

  1. Select [User Auth/Account Track] - [Simple Authentication setting] - [Register Simple Authentication Server] - [Edit] in administrator mode of Web Connection (or in [Utility] - [Administrator] of this machine).

  2. Click [Edit] of [1st Server], and configure the following settings.

    Setting

    Description

    [Simple Authentication Server Name]

    Enter the name of the authentication server (using up to 32 characters).

    [External Authentication Server]

    Select the external authentication server used to associate the quick authentication (default: [No Selection]).

    When authentication succeeds, user authentication information is registered on the machine to manage users on the machine. This authentication information includes the user name and external authentication server name. The external authentication server name selected here is registered on the machine together with the user name.

    [Server Address]

    Enter the LDAP server address. Use one of the following formats.

    • Example to enter the host name: "host.example.com"

    • Example to enter the IP address (IPv4): "192.168.1.1"

    • Example to enter the IP address (IPv6): "fe80::220:6bff:fe10:2f16"

    [Port No.]

    If necessary, change the LDAP server port number (default: [389]).

    [Search Base 1] to [Search Base 3]

    Specify the starting point and range to search for a user to be authenticated.

    • [Search Base]: Specify the starting point to search for a target (using up to 255 characters).
      Example of entry: "cn=users,dc=example,dc=com"

    • [Search Range]: Select a tree search range (default: [Full Tree]).
      [Full Tree]: Makes a search, including the tree structure under the entered starting point.
      [Next hierarchy only]: Searches for only one level directly beneath the entered starting point. In this case, the level at the starting point is not included as a search target.

    [Timeout]

    If necessary, change the time-out time to limit a communication with the LDAP server (default: [60] sec.).

    [Authentication Type]

    Select the authentication method to log in to the LDAP server depending on your environment (default: [Simple]).

    • [Login Name]: Enter the login name used for LDAP authentication (using up to 64 characters).

    • [Password]: Enter the password for LDAP authentication (using up to 64 characters).

    • [Domain Name]: If [GSS-SPNEGO] is selected forĀ [Authentication Type], enter the domain name of Active Directory (using up to 64 characters).

    [Use Referral]

    Select whether to use the referral function (default: [ON]).

    [Search Attribute]

    When performing LDAP search, enter the search attribute to be automatically added before the user name (using up to 64 characters). The attribute must start with an alphabet character (default: [uid]).

    [Search Directory Service]

    If you select [Active Directory], you can limit a search target for authentication to users (default: [Other]). However, when a search target for authentication is limited to users, search target identification processing occurs on the server side, so the authentication time may be delayed. This function is available when the authentication server is set to Active Directory (Windows Server 2008 or later).

  3. Click [Edit] of [2nd Server] as needed, and configure the following settings.

    Setting

    Description

    [2nd Server Setting]

    When using the secondary server, set this option to ON (default: OFF).

    [Round Robin function]

    When using the round-robin function, set this option to ON (default: OFF).

    If you select round-robin function, you can alternately connect the primary and secondary servers to distribute the server load.

    [Reconnection Settings]

    Configure a setting to connect to the secondary server when the machine cannot be connected to the primary server (default: [Set Reconnect Interval]). When the round-robin function is enabled, this setting can also be used to connect to the primary server when the machine cannot be connected to the secondary server.

    • [Reconnect for every login]: Connects to the primary server each time authentication is carried out on this machine. If the primary server is shutting down, this machine is connected to the secondary server.

    • [Set Reconnect Interval]: Connects to the secondary server when the primary server is shutting down at the time the machine is being authenticated. After this, this machine is connected to the secondary server when machine authentication is occurring until the time specified in [Reconnection Time] lapses. After the time specified in [Reconnection Time] has lapsed, this machine is reconnected to the primary server when machine authentication is occurring.

    Secondary Server Information

    Register the secondary server.

    For details, refer to the registration contents of the primary server.

    To extract the primary server setting and configure the secondary server setting, tap [Same as 1st Server].

  • To check the status of the connection of the primary authentication server and the secondary authentication server, select [User Auth/Account Track] - [Authentication Server Connection status] - [Simple Auth.]. If [Connection Enabled] is displayed, you can connect to both the primary and secondary authentication servers.

Using SSL communication

If SSL is installed in your environment, enable SSL.

Select [User Auth/Account Track] - [Simple Authentication setting] - [Register Simple Authentication Server] - [Edit] in administrator mode of Web Connection (or in [Utility] - [Administrator] of this machine), and configure the following settings.

Setting

Description

[Enable SSL]

When using SSL communications, set this option to ON (default: OFF).

  • [Port No.(SSL)]: If necessary, change the port number for SSL communication (default: [636]).

[Certificate Verification Level Settings]

To validate the certificate during SSL communication, select items to be verified.

  • [Expiration Date]: Confirm whether the certificate is within the validity period (default: ON).

  • [CN]: Confirm whether CN (Common Name) of the certificate matches the server address (default: OFF).

  • [Key Usage]: Confirm whether the certificate is used according to the intended purpose approved by the certificate issuer (default: OFF).

  • [Chain]: Confirm whether there is a problem in the certificate chain (certificate path) (default: OFF). The chain is validated by referencing the external certificates managed on this machine.

  • [Expiration Date Confirmation]: Confirm whether the certificate has expired (default: OFF). The expiration date confirmation is performed in the order of OCSP (Online Certificate Status Protocol) service, and CRL (Certificate Revocation List).