HP LaserJet M5035 Multifunction Printer series - Initializing Kerberos authentication

Initializing Kerberos authentication

Follow these steps to initialize Kerberos Authentication for your product.

NOTE: Embedded Kerberos Authentication uses session tickets in the authentication process. The session tickets are time stamped by both the Kerberos Domain Controller (KDC) and the product. It is essential that the stamped times are within five minutes of each other. This can be accomplished by setting identical time on both the KDC and product.

1. Open the HP EWS in a web browser.

2. Select the Settings tab, and then Kerberos Authentication.

3. Under the Accessing the Kerberos Authentication Server section, perform the following steps:

   a. Type the domain name in the Kerberos Default Realm (Domain) field. The domain name is case-sensitive and must use only uppercase letters, for example: TECHNICAL.MARKETING.

   b. Type the product IP address in the Enter the Kerberos Server Hostname field, for example: 15.62.64.203 (IP address).

   NOTE: The Kerberos Server Port field fills automatically as 88.

4. Under the Accessing the LDAP Server section, perform the following steps:

   a. Select Kerberos from the LDAP Server Bind Method drop-down menu.

   b. Click to select the Credential method you want to use. If choosing Use Public Credentials, type in a username and password.

   NOTE: Remember how you set up the username on the LDP screen. The username is defined within the device user DN value in the LDP trace and is not in standard Windows domain account format. The format is often your entire e-mail address, including the @xx.xx.

Chapter 4 Setting the digital sending options

   c. Type the LDAP server in the LDAP Server field.

   d. Type 389 in the Port field.

5. Under the Searching the LDAP Database section, perform the following steps:

   a. Paste the Search Prefix into the Search Root field.

   b. Type sAMAccountName into the Match the name entered with the LDAP attribute of field.

   c. Find the device user e-mail address in the LDP trace. Copy the attribute defining the e-mail address, and paste it into the Retrieve the device user’s e-mail address using attribute of field.

      Some Kerberos environments require very specific attributes. For example, the attribute used here is userPrincipalName instead of mail.

   d. Find the device user name in the LDP trace. Copy the attribute defining the name, and paste it into the and name using the attribute of field.

      NOTE: The Kerberos environment requires cn instead of displayName.

   e. Click Apply.

When you have finished these steps, continue with the steps in the next section, Configure the Authentication Manager for Kerberos Authentication.
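The constraints in the procedure above (uppercase realm, port 88, Kerberos bind on port 389, e-mail-style username, five-minute clock tolerance) can be checked before the values are typed into the EWS. The following is an added example, not HP code; the function name and the dictionary keys are hypothetical and do not correspond to EWS identifiers, and the sample values are constructed.

```python
from datetime import datetime, timedelta, timezone

MAX_SKEW = timedelta(minutes=5)  # tolerance stated in the NOTE at the top of the page


def preflight(cfg, kdc_time, device_time):
    """Return a list of findings; an empty list means the values match the procedure.

    cfg keys are hypothetical names for the EWS fields. Both timestamps must be
    timezone-aware so that a time-zone mismatch is not mistaken for zero skew.
    """
    findings = []

    realm = cfg.get("realm", "")
    if not realm or realm != realm.upper():
        findings.append("realm: must use only uppercase letters, e.g. TECHNICAL.MARKETING")

    if cfg.get("kerberos_port") != 88:
        findings.append("kerberos_port: the field fills automatically as 88")

    if cfg.get("ldap_bind_method") != "Kerberos":
        findings.append("ldap_bind_method: select Kerberos")

    if cfg.get("ldap_port") != 389:
        findings.append("ldap_port: the procedure uses 389")

    # The username is often the full e-mail address, not a Windows domain
    # account name, so a value without '@' deserves a second look.
    user = cfg.get("public_username")
    if user is not None and "@" not in user:
        findings.append("public_username: compare with the device user DN in the LDP trace")

    skew = abs(kdc_time - device_time)
    if skew > MAX_SKEW:
        findings.append(f"clock: skew of {int(skew.total_seconds())}s exceeds five minutes")

    return findings


if __name__ == "__main__":
    # Constructed sample: lowercase realm and a device clock six minutes ahead.
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    sample = {"realm": "technical.marketing", "kerberos_port": 88,
              "ldap_bind_method": "Kerberos", "ldap_port": 389,
              "public_username": "deviceuser@example.com"}
    for line in preflight(sample, t0, t0 + timedelta(minutes=6)):
        print(line)
```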