HP 640n Print Server manual 9Kerberos, 10Kerberos Settings

Page 126

Table 5-9Kerberos page

Item

Description

 

 

Manually Specify Configuration

Manually configure the print server for Kerberos authentication. Click Next to display

 

the Kerberos Settings page.

 

 

Import Configuration Files

Configure the print server for Kerberos authentication by importing configuration files.

 

conf File Enter or browse to the krb5.conf file. In the libdefaults section,

 

include the default_realm andclockskew tag entries. In the realms

 

section, include the kdc tag entry.

 

keytab File Enter or browse to a Kerberos keytab file. Use the Ktpass.exe

 

command-line tool (the version prior to Microsoft Windows Server 2008 Support

 

Pack 1) to generate the keytab file. Use the principal name type

 

KRB5_NT_PRINCIPAL, and the encryption type DES-CBC-MD5.

 

Time Sync Period Specify the time interval (in minutes) that the HP Jetdirect

 

print server requests to synchronize its clock with a simple network time protocol

 

(SNTP) time server.

 

SNTP Server Specify the FQDN or IP address of an SNTP time server, if

 

required. By default, the SNTP server is the server used as the key distribution

 

center (KDC).

 

Click Next to return to the Identity Authentication page, and confirm that Kerberos

 

status indicates that it is Configured.

 

 

Kerberos Settings

Use the wizard to manually configure Kerberos account settings on the print server.

1.Use the Kerberos Settings page to provide Kerberos account and configuration settings.

2.Click Next to return to the Identity Authentication page, and confirm that Kerberos status indicates Configured.

Table 5-10Kerberos Settings page

Item

Description

 

 

KDC Server

FQDN of the domain controller used as the Kerberos KDC.

 

The FQDN consists of the device's host name and domain name. For example,

 

kdc01.support.hp.com is a fully qualified domain name, where kdc01 is the host

 

name and support.hp.com is the domain name.

Principal Realm

Kerberos principal realm in the form principal@REALM.

 

A unique principal name is associated with each Kerberos account. For the

 

HP Jetdirect print server active directory account, the principal is the user name for

 

the print server.

 

A Kerberos realm is similar in concept to a Microsoft Windows domain and contains

 

all the users, computers and services within a Kerberos installation. The realm is

 

case-sensitive, and is typically the DNS domain name specified in all uppercase

 

characters. For example, if the domain name is hp.com, the realm is HP.COM.

 

 

Password

Password for the HP Jetdirect account configured on active directory.

 

 

Encryption Type

Encryption type supported by the HP Jetdirect print server.

 

 

Key Version Number

Version number for the encryption keys associated with the principal and password.

 

 

116 Chapter 5 IPsec/Firewall configuration (V.45.xx.nn.xx)

ENWW

Page 125 Page 127
Image 126
Page 125 Page 127
Contents HP Jetdirect Print Servers Page HP Jetdirect Print Servers Trademark Credits Table of contents Mac OS network installation IPX/SPX 105 121125 139 165193 175179 211Introducing the HP Jetdirect print server Supported print serversSupported network protocols 2Supported network protocolsSecurity protocols AuthenticationEAP/802.1X port-based authentication Snmp IP and IPXWireless print server authentication Supplied manualsIPsec/Firewall HP support Firmware upgradesFirmware installation tools HP online supportProduct accessibility Product registration1Software Solutions HP Web Jetadmin see HP Web Jetadmin onOperating Environment Function Remarks HP software solutions summary HP Jetdirect Printer Installer for Unix HP Web JetadminSystem requirements Remove HP Web Jetadmin software Install HP Web Jetadmin softwareConfigure and modify a device Verify HP Web Jetadmin installation and provide accessMicrosoft-supplied software Http// IPaddress /ipp/port#Software tools Mac OS network installationNovell-supplied software Use Bonjour Mac OS XVerify network configuration Test the configurationEnww IPv6 configuration IPv6 address introductionIPv6 address configuration Link-local addressStateless addresses Stateful addressesUse DNS IPv4 configuration Server-based and manual TCP/IP configuration IPv4Tools and utilities Default IP address IPv4 Default IP address is not assignedDefault IP address is assigned Default IPv4 parameter Default IP on wireless and wired print serversDefault IPv4 address configuration options Dhcp requests enable/disableDefault IPv4 behavior TCP/IP configuration toolsUse BOOTP/TFTP IPv4 Advantages of using BOOTP/TFTPConfigure the print server using BOOTP/TFTP on Unix Systems using network information service NIS Configure the Bootp serverBootptab file entries IPv4 1Tags supported in a BOOTP/DHCP boot file RFC DescriptionTftp configuration file entries IPv4 2TFTP configuration file parameters Example HP Jetdirect Tftp configuration fileGeneral TCP/IP Main TCP/IP Print Options Lpd-printing or lpd-config,lpd Ftp-printing or ftp-config,ftpIpp-printing or ipp-config,ipp DefaultqTCP/IP Access Control TCP/IP Other SettingsTCP/IP Raw Print Ports Slp-client-mode Bonjour-configSlp-keep-alive Syslog-protocolCold-reset Idle-timeoutUser-timeout or telnet-timeout Icmp-ts-configSnmp-config Default-ipDefault-ip-dhcp Auth-trap or authentication-trapTrap-dest ip-address community name port number Ipx-config or ipx/spxTrap-dest or trap-destination Ipx-unit-nameOther Settings AppleTalkUse Dhcp IPv4 Unix systemsSupport Discontinue Dhcp configuration Use Rarp IPv4Microsoft Windows systems Use the arp and ping commands IPv4 Laserjet1Use Telnet IPv4 Arp -s IP address LAN hardware address Ping IP addressCreate a Telnet connection Typical Telnet sessionTelnet command line interface default Telnet user interface options3Telnet Commands and Parameters Command Description User Control CommandsWireless 802.11 Main Network-type Passphrase commandAmpdu Aggregation Desired-ssidEncryption Dot11-switch-timePsk-passphrase Wep-key-method00a0f8387af7 Wireless DiagnosticsRoam-threshold Host-nameTftp Filename Ipsec-config Firewall-configTftp Server Hpnp/printer1.cfgPri-dns-svr Domain-name support.hp.comPrinter1.support.hp.com Pri-wins-svrTCP/IP LPD Queues Allow TCP/IP OtherSyslog-svr To 1440 Enable Bonjour Domain NameUser-timeout Ftp-downloadEws-config Gw-disableTcp-mss TCP/IP Diagnostics Snmp Traps Pjl-banner PhaseIpx-mode Ipx-bannerOther 1000t-ms-conf 1000t-pause-confNetwork-select Menu Interface Web JetAdmin URLWeb JetAdmin Name Support-contact1Example Using the Menu Interface Use Telnet to remove an IP addressUse the HP Embedded Web Server Use the printer control panelMove to another network IPv4 Enww HP Embedded Web Server V .xx.nn.xx View the HP Embedded Web Server Supported HP Web Jetadmin versionRequirements Compatible Web browsersView the HP Embedded Web Server HP Jetdirect Home tab Operating notes1HP Jetdirect Home Page Items Networking tab Device tabsDiagnostics section Wireless StationConfiguration section 2Networking Menu Items3Wireless Station configuration parameters Ad Hoc Network peer-to-peer Network Name SsidRefresh ChannelWEP Enterprise WPA WiFi Protected Access WPA-PersonalHpSecureNetwork Restore Defaults WPA-EnterpriseTCP/IP Settings Summary tab4TCP/IP Summary tab Network Identification tab 5TCP/IP Network Identification tabTCP/IPv4 tab 6TCP/IPv4 tabTCP/IPv6 tab 7TCP/IPv6 tabConfig Precedence tab 8TCP/IP Config Precedence tabAdvanced tab 9TCP/IP Advanced tabDefault IP Proxy Server PasswordDisable Manually ConfiguredNetwork Settings 10IPX/SPX tab settingsAppleTalk AppleTalk Name 11AppleTalk tab settingsAppleTalk Enable Type12SNMP tab settings Other Settings Misc. Settings13Miscellaneous Settings Link settings Certificate Mgmt ServiceWeb Services Print Locally Administered AddressLPD Queues Firmware UpgradeService Bonjour Highest PriorityPrepend String Name 14LPD Queues tab settingsQueue Name Append String NameRaw or text Default Queue NameQueue Type String NameSecurity Settings Select Language15Wizard Security Levels Security Level Description Basic SecurityRecommended Restore DefaultsSecurity Level Description Enhanced Security Custom SecurityPrinter Password Synchronization AuthorizationAdmin. Account CertificatesConfigure certificates 16Certificate configuration screensEncryption Key Length Install CertificateCertificate Validity Period Certificate InformationInstall Certificate or Install CA Certificate screens ExamplesDomain Name myprinter.mydepartment.mycompany.com Access Control ExamplesMgmt. Protocols Web MgmtSnmp Other Enable Print ProtocolsEnable Print Services 17Other protocolsMight be disabled without notification 802.1X AuthenticationEnable Device Discovery Naming Resolution18802.1X configuration settings Device Announcement Agent Other Links Enww IPsec/Firewall configuration V .xx.nn.xx 1Firewall Policy 1IPsec/Firewall Policy IPsec security associations SA Default Rule exampleAll IPv4 Addresses All Jetdirect Print Services HP Jetdirect IPsec/Firewall wizardLimitations to rules, templates and services 2Limitations to rules, templates and servicesLimit Specify Address Template Create Address Template4Create Service Template Specify Service TemplateCreate Service Template 3Create Address Template5Manage Services Manage ServicesManage Custom Services 6Manage Custom ServicesSpecify Action Specify IPsec/Firewall TemplateIdentity Authentication Create IPsec Template7Create IPsec Template Certificates 8Identity AuthenticationKerberos Certificates onKerberos Settings 10Kerberos Settings9Kerberos IKEv1/IKEv2 Phase 1 Authentication IKEv1/IKEv2 Phase 2 / Quick Mode IPsec Protocols11IKEv1/IKEv2 Phase 1 Authentication 13Advanced IKE Settings Advanced IKE Settings12IKEv1/IKEv2 Phase 2 / Quick Mode Settings IPsec Protocols IPsec Protocols Manual Keys15Manual Keys Manual Keys14IPsec Protocols Manual Keys Value for an SA to use for packets received by the deviceRule Summary Configure Microsoft Windows systemsAuthentication Key FormatSecure Embedded Web Server Management 1Summary of HP Jetdirect security featuresIP Administrator Password IPsec/FirewallTelnet Control IPv4 Access Control ListAuthentication and Encryption IPv4/IPv6 Snmp v1/v2c Set Community Name IP/IPXHP Web Jetadmin IPv4 Password and Profiles Configuration Precedence TablePrinter Control Panel Lock Medium Limit access to security features2Settings for Access Control HighTroubleshoot the HP Jetdirect print server Reset to factory defaults Example Cold reset using the service menuReset to factory defaults Disable an HP Jetdirect embedded print server V .xx.nn.xx General troubleshooting Troubleshooting chart assess the problemProcedure 1 Verify the printer is on and online Procedure 2 Print an HP Jetdirect configurationProcedure 3 Resolve printer display error messages Procedure 4 Resolve printer network communication problems Telnet IP address port Enww Troubleshooting wireless print servers Unable to communicate during initial setupUnable to communicate after initial setup My configured channel does not match the configuration Firmware download failure SymptomsImproving reception and performance Corrective actionsEnww HP Jetdirect configuration pages Configuration page format HP Jetdirect configurationStatus field error messages 1Configuration Page Sections2HP Jetdirect Configuration/General Information Configuration page messagesHP Jetdirect Configuration/General Information MessageDescriptionWireless station settings Message Description3802.11 Wireless station settings Security Settings Firewall Admin PasswordIPsec Cert ExpiresUnicast Packets Received Network StatisticsTotal Packets Received BAD Packets ReceivedTCP/IP configuration information TCP/IP protocol informationIPv4 section IP Address Default GatewayConfig by Subnet MaskIPv6 section IPv4 SectionIPX/SPX configuration information IPX/SPX protocol informationIPv6 Section Novell/NetWare parameters AppleTalk protocol informationCN=ljpserver.OU=support.OU=mycity.OU=mycompany 12 DLC/LLC configuration information Error messages11 AppleTalk configuration information DLC/LLC protocol information13Error messages Error Code and Message DescriptionNetwork Reconfig Must LAN Error Retry FaultsLAN Error no Linkbeat Reboot DisconnectedDisconnecting SPX Unable to LoginUnable to SET Password TimeoutError 2B NDS ERR Unable to Login2C NDS Authentication Error NDS PS Printer List Error4F Tftp Remote Error Novram Error4D CF ERR Access List Tftp Local ErrorBOOTP/RARP in Progress BAD BOOTP/DHCP ReplyBAD Bootp TAG Size BOOTP/DHCP in ProgressHP Jetdirect Security Dhcp Lease TimersAdjusted Trying to Connect to2HP Jetdirect Security 14General InformationCurrent IPsec status IPsec Error Log Local IP addressesIPsec Statistics 16IPsec statistics IKE StatsIPsec Rules 17IKE Statistics18IPsec Security Associations Available Network ServicesIPsec Security Associations SA table SRCLPD printing Table A-1LPD programs and protocols Requirements for configuring LPDAbout LPD Purpose of ProgramSet up print queues LPD setup overviewSet up IP parameters Print a test fileConfigure print queues for BSD-based systems LPD on Unix systemsUse SAM to configure print queues HP-UX systems Example jetdirect1LPD on Microsoft Windows Server 2003/2008 systems Print a test fileInstall TCP/IP software Verify the configuration Add LPR compatible printer windowPrint from Microsoft Windows clients Configure a network LPD printerLPD on Microsoft Windows XP systems Add Microsoft Windows optional networking componentsCreate an LPR port for an installed printer Click Start, Printers and FaxesFTP connections Print filesUse FTP printing Control connectionFTP login Data connectionCommand Description CommandsTable B-1User commands for HP Jetdirect FTP server End the FTP sessionExample FTP Session PORT1HP Jetdirect control panel menus V .xx.nn.xx Menu item Sub-menu item Values and Description Graphical control panel menusTable C-1HP Jetdirect EIO Menu on Graphical Control Panel SsidEnable Configure Keys Transmit KeyReset IPv4 Settings Config MethodIPv6 Settings Enable Manual SettingsDefault IP Dhcp RenewProxy Port DHCPv6 PolicyProxy Server Frame TypeSecurity Print Sec AppleTalk EnableReset Security IPsec or FirewallLAN HW Test Enable WipeCode Verification Http TestData Path Test TimeoutSnmp Test Select All TestsPackets Received Ping ResultsPackets Sent Percent LostLink Speed Print ProtocolsMenu Item Description Classic control panel EIO menusTable C-2HP Jetdirect EIO Menu on Classic Control Panel CFG NetworkMenu Item CFG IPX/SPXWEB Firewall SecurityIpsec Code VerificationEnww Open source licensing statements GSOAPExpat XML Parser CURL Copyright and Permission NoticeGNU General Public License GNU General Public LicenseGNU General Public License Enww No Warranty END of Terms and Conditions GNU Lesser General Public License GNU Lesser General Public LicenseEnww Enww Enww Enww Enww GNU Lesser General Public License OpenSSL OpenSSL licenseOriginal SSLeay license OpenSSL Appendix D Open source licensing statements Index See also Gateway NDS Novram Error Total Packets Rcvd Enww Page  Hewlett-Packard Development Company, L.P
Related manuals
Manual 56 pages 58.74 Kb
Top Page Image Contents