Konica Minolta AU-211P User Manual

Authentication Unit AU-211P For

User’s Guide

Contents

Contents ............................................................................ 1

1 Introduction....................................................................... 3

1.1 Safety Information ................................................................................ 4

2 Getting Started.................................................................. 7

2.1 Product Overview ................................................................................. 7

2.2 Part names and their functions ........................................................... 8

2.3 Pre-Setting ............................................................................................ 9

2.3.1 Configuring Network Settings ........................................................... 9

2.3.2 Registering Active Directory for Authentication ............................... 11

2.3.3 Correcting the MFP Time ................................................................ 12

2.3.4 Registering the DNS Server Associated with Active Directory ........ 13

2.3.5 Specifying the PIV Transitional Mode .............................................. 14

2.3.6 Configuring Settings for Verifying the Active Directory

2.4 Operation Settings ............................................................................. 20

Certificate ........................................................................................ 15

3 How to Use the Authentication Unit ............................. 21

3.1 Login and Logout ............................................................................... 21

3.1.1 Login ................................................................................................ 21

3.1.2 Logout ............................................................................................. 23

3.2 Functions Using the PKI Card Authentication System ................... 24

3.3 Address Search (LDAP) Using PKI Card .......................................... 25

3.3.1 Overview .......................................................................................... 25

3.3.2 Related Settings .............................................................................. 26

3.3.3 Handling Address Search (LDAP) .................................................... 28

3.4 SMB TX Using PKI Card .................................................................... 31

3.4.1 Overview .......................................................................................... 31

3.4.2 Related Settings .............................................................................. 32

3.4.3 Using SMB TX ................................................................................. 34

AU-211P 1

Contents

3.5 Scan to E-mail (S/MIME) Using PKI Card ........................................ 36

3.5.1 Overview .......................................................................................... 36

3.5.2 Related Settings .............................................................................. 37

3.5.3 Encrypting an E-Mail and Adding a Digital Signature ..................... 39

3.6 PKI Card Print ..................................................................................... 40

3.6.1 Overview .......................................................................................... 40

3.6.2 Installing the Printer Driver .............................................................. 41

3.6.3 Specifying the Print Data Deletion Time .......................................... 44

3.6.4 Handling PKI Card Print .................................................................. 45

3.7 Scan To Me ......................................................................................... 50

3.7.1 Overview .......................................................................................... 50

3.7.2 Before Using Scan To Me ............................................................... 52

3.7.3 Related Settings .............................................................................. 52

3.7.4 Handling Scan To Me ...................................................................... 53

3.8 Scan To Home .................................................................................... 54

3.8.1 Overview .......................................................................................... 54

3.8.2 Before Using Scan To Home ........................................................... 55

3.8.3 Related Settings .............................................................................. 56

3.8.4 Using Scan To Home ...................................................................... 57

4 Added or Changed Setting Information........................ 58

4.1 User Settings ...................................................................................... 58

4.1.1 System Settings .............................................................................. 58

4.2 Administrator Settings ....................................................................... 59

4.2.1 System Settings .............................................................................. 59

4.2.2 User Authentication/ Account Track ............................................... 59

4.2.3 Network Settings ............................................................................. 60

4.2.4 Security Settings ............................................................................. 61

4.2.5 License Settings .............................................................................. 61

5 Appendix.......................................................................... 62

5.1 Product Specifications ...................................................................... 62

5.2 Cleaning the Authentication Unit ...................................................... 62

5.3 Troubleshooting ................................................................................. 63

AU-211P 2

Introduction

1 Introduction

Thank you for choosing this device.

This User’s Guide provides descriptions of the operating procedures and precautions for using Authentication Unit (IC Card Type) AU-211P. Carefully read this User’s Guide before using this device.

The actual screens that appear may be slightly different from the screen images used in this User’s Guide.

Trademark/copyright acknowledgements

- Microsoft

trademarks of Microsoft Corporation in the United States and/or other countries.

- All other company names and product names mentioned in this

User’s Guide are either registered trademarks or trademarks of their respective companies.

Restrictions

- Unauthorized use or reproduction of this User’s Guide, whether in its

entirety or in part, is strictly prohibited.

- The information contained in this User’s Guide is subject to change

without notice.

and Windows® are either registered trademarks or

AU-211P 3

Introduction

1.1 Safety Information

Carefully read this information, and then store it in a safe place.

- Before using this device, carefully read this information and follow it

to operate the device correctly.

- After reading this information, store it in the designated holder with

the warranty.

Important information

- The reprinting or reproduction of the content of this publication, either

in part or in full, is prohibited without prior permission.

- The content of this publication is subject to change without notice.

- This publication was created with careful attention to content;

however, if inaccuracies or errors are noticed, please contact your sales representative.

- The marketing and authorization to use our company’s product

mentioned in this information are provided entirely on an “as is” basis.

- Our company assumes no responsibility for any damage (including

lost profits or other related damages) caused by this product or its use as a result of operations not described in this information. For disclaimers and warranty and liability details, refer to the User’s Guide Authentication Unit (IC Card Type AU-211P).

- This product is designed, manufactured and intended for general

business use. Do not use it for applications requiring high reliability and which may have an extreme impact on lives and property. (Applications requiring high reliability: Chemical plant management, medical equipment management and emergency communications management)

- Use with other authentication devices is not guaranteed.

- In order to incorporate improvements in the product, the

specifications concerning this product are subject to change without notice.

For safe use

• Do not this product near water, otherwise it may be damaged.

• Do not cut, damage, modify or forcefully bend the USB cable. A malfunction may occur as a result of a damaged or cut USB cable.

• Do not disassembly this device, otherwise it may be damaged.

AU-211P 4

Introduction

Regulation notices

USER INSTRUCTIONS FCC PART 15 - RADIO FREQUENCY DEVICES (For U.S.A. Users)

NOTE:

This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules.

These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interface by one or more of the following measures:

WARNING:

The design and production of this unit conform to FCC regulations, and any changes or modifications must be registered with the FCC and are subject to FCC control. Any changes made by the purchaser or user without first contacting the manufacturer will be subject to penalty under FCC regulations.

FCC: Declaration of Conformity

Product Type Authentication Unit (IC Card Type)

Product Name AU-211P

(This device complies with Part 15 of the FCC Rules.) Operation is subject to the following two conditions: (1) this device may not cause interference, and (2) this device must accept any interference, including interference that may cause undesired operation of this device.

- Reorient or relocate the receiving antenna.

- Increase the separation between the equipment and receiver.

- Connect the equipment into an outlet on a circuit different from that

to which the receiver is connected.

- Consult the dealer or an experienced radio/TV technician for help.

AU-211P 5

Introduction

INTERFERENCE-CAUSING EQUIPMENT STANDARD (ICES-003 ISSUE

4) (For Canada Users)

(This device complies with RSS-Gen of IC Rules.) Operation is subject to the following two conditions: (1) this device may not cause interference, and (2) this device must accept any interference, including interference that may cause undesired operation of this device.

This Class B digital apparatus complies with Canadian ICES-003.

Cet appareil numérique de la classe B est conforme à la norme NMB-003 du Canada.

AU-211P 6

Getting Started

2 Getting Started

2.1 Product Overview

This product is a PKI card authentication unit that scans a PKI card (CAC or PIV card) to perform personal authentication.

Connecting this unit enables you to run a PKI card authentication system (hereinafter referred to as "this system") that uses the PKI card authentication unit on the MFP.

Using this system will enable you to carry out operations without making a password public on the network, and to configure the system environment with a higher level of security. You can also implement the unique functions using this system on the MFP.

Use conditions

The following conditions are required to use this system.

- PKI card authentication unit (This unit)

- MFP compatible with a PKI card authentication system

- PKI card available for PIV and CAC

- User management using Active Directory (Kerberos authentication +

PKINIT)

- Connectable to the MFP via the USB port. (The MFP contains the

optional local connection kit.)

Note

This system can not be used with applications other than the printer driver and PageScope Authentication Manager compatible with this system.

Reminder

Do not disconnect the USB cable while using this unit. Doing so may cause this system to become unstable.

AU-211P 7

Getting Started

2.2 Part names and their functions

No. Part name Description

1 Card inlet Used to insert the PKI card.

2 LED lamp Turns green when you log in using the PKI card.

Blinks green while authentication.

3 USB cable Used for connecting this device to the

multifunctional product.

AU-211P 8

Getting Started

2.3 Pre-Setting

To use this system, pre-configure the following settings on the MFP.

- Configuring network settings (page 9)

- Registering Active Directory for authentication (page 11)

- Correcting the MFP time (page 12)

- Registering the DNS server associated with Active Directory

(page 13)

- Specifying the PIV transitional mode (page 14)

- Configuring settings for verifying the Active Directory certificate

(page 15)

2.3.1 Configuring Network Settings

Configure the basic settings required to use the MFP in a network environment.

TCP/IP Settings

On the MFP control panel, press the [Utility/Counter] key, and then [Administrator Settings] - [Network Settings] - [TCP/IP Settings].

Item Description

ON/OFF Select [ON].

IPv4 Settings

Item Description

IP Application Method Select whether to automatically retrieve the IP address

or directly specify it.

Auto Input When automatically retrieving the IP address, select the

automatic retrieval method.

IP Address When directly specifying the IP address, enter the IP

AU-211P 9

address of the MFP.

Getting Started

Item Description

Subnet Mask When directly entering the IP address, specify the

Default Gateway When directly entering the IP address, specify the

IPv6 Settings

Note

These settings are required when using the MFP in an IPv6 environment.

Item Description

ON/OFF Select [ON] when using the MFP in an IPv6

Auto IPv6 Settings Select [ON] when automatically retrieving the IPv6

DHCPv6 Setting Select [ON] when retrieving the IPv6 address using

Global Address Specify the IPv6 global address when not automatically

Prefix Length Specify the IPv6 global address prefix length when not

Gateway Address Specify the IPv6 gateway address when not

Link-Local Address Displays the link-local address generated from the MAC

DNS Host

subnet mask for the connected network.

default gateway for the connected network.

environment.

address.

DHCPv6.

retrieving the IPv6 address.

automatically retrieving the IPv6 address.

address.

Item Description

DNS Host Name Specify the host name of the MFP (up to 63 characters).

Dynamic DNS Settings Select [Enable] when automatically registering the

specified DNS host name in the DNS server that supports the Dynamic DNS function.

DNS Domain

Item Description

Domain Name Auto Retrieval

Select whether to automatically retrieve the domain name. This item is available when using DHCP.

AU-211P 10

Getting Started

Item Description

Search Domain Name Auto Retrieval

Default DNS Domain Name

DNS Search Domain Name 1 to 3

Select whether to automatically retrieve the search domain name. This item is available when using DHCPv6.

Specify the domain name that the MFP is connected to (up to 255 bytes with the host name).

Specify the DNS search domain name (up to 253 bytes).

2.3.2 Registering Active Directory for Authentication

External Server Settings

On the MFP control panel, press the [Utility/Counter] key, and then [Administrator Settings] - [User Authentication/Account Track] - [External Server Settings] - [New].

Item Description

Server Name Specify the name of the external server (up to 32

characters).

Server Type Select Active Directory, and specify its default domain

name (up to 64 characters).

Detail

When registering multiple Active Directory services, specify the default Active Directory previously. Select the desired Active Directory on the External Server Settings screen, and press [Set as Default].

AU-211P 11

Getting Started

2.3.3 Correcting the MFP Time

You cannot log into Active Directory if the MFP system time is extremely different between the MFP and Active Directory. Correct the MFP time so it matches the Active Directory time with the system time.

Time Adjustment Setting

On the MFP control panel, press the [Utility/Counter] key, and then [Administrator Settings] - [Network Settings] - [Forward] - [Detail Settings] [Time Adjustment Setting].

Page 1/2

Item Description

ON/OFF Select [ON].

Auto IPv6 Retrieval To automatically obtain the IPv6 address of the NTP

server, select [ON]. This item is necessary when IPv6 is used while DHCPv6 is enabled.

Host Address Specify the host address of the NTP server associated

with Active Directory.

Port Number Specify the port number.

Set Date Correct the time.

Page 2/2

Item Description

Auto Time Adjustment When an automatic time correction is made, select

[ON].

Polling Interval When [ON] is selected for Auto Time Adjustment, set the

polling interval.

AU-211P 12

Getting Started

2.3.4 Registering the DNS Server Associated with Active Directory

DNS Server Settings (IPv4)

On the MFP control panel, press the [Utility/Counter] key, and then [Administrator Settings] - [Network Settings] - [TCP/IP Settings] - [DNS Server Settings (IPv4)].

Item Description

DNS Server Auto Obtain Select whether to automatically obtain the DNS server

Priority DNS Server Specify the IPv4 address of the priority DNS server

Secondary DNS Server 1 and 2

DNS Server Settings (IPv6)

On the MFP control panel, press the [Utility/Counter] key, and then [Administrator Settings] - [Network Settings] - [TCP/IP Settings] - [DNS Server Settings (IPv6)].

address. This item is available when using DHCP.

associated with Active Directory.

Specify the IPv4 address of the secondary DNS server associated with Active Directory.

Note

These settings are required when using the MFP in the IPv6 environment.

AU-211P 13

Getting Started

Item Description

DNS Server Auto Obtain Select whether to automatically obtain the DNS server

address. This item is available when using DHCPv6.

Priority DNS Server Specify the IPv6 address of the priority DNS server

associated with Active Directory.

Secondary DNS Server 1 and 2

Specify the IPv6 address of the secondary DNS server associated with Active Directory.

2.3.5 Specifying the PIV Transitional Mode

Specify the PIV transitional mode.

Authentication Device Settings

On the MFP control panel, press the [Utility/Counter] key, and then [Administrator Settings] - [User Authentication/Account Track] [Authentication Device Settings] - [General Settings] - [PKI Card Authentication].

Item Description

PIV Transitional Mode Select PIV or CAC as the PIV transitional mode.

AU-211P 14

Getting Started

2.3.6 Configuring Settings for Verifying the Active Directory Certificate

Configure the certificate verification settings to verify the Active Directory certificate when communicating with Active Directory.

Certificate Verification Setting

On the MFP control panel, press the [Utility/Counter] key, and then [Administrator Settings] - [User Authentication/Account Track] - [Certificate Verification Setting].

Item Description

Verify Validity Period Select whether to verify that the certificate is within the

Check Root Signature Select whether to check the root signature.

Check CRL Expiration Select whether to check that the certificate is not

Check OCSP Expiration Select whether to check that the certificate is not

validity period.

To check the root signature, view the external certificates managed on the MFP. For details on how to register an external certificate on the MFP, refer to "External Certificate Setting" (page 18).

expired in the CRL (Certificate Revocation List).

expired in the OCSP service. For details on how to configure the OCSP service setting, refer to "Certificate Verification Settings" (page 16).

AU-211P 15

Getting Started

Certificate Verification Settings

In the PageScope Web Connection administrator mode, select [Security], and then [Certificate Verification Settings].

Note

For details on how to use PageScope Web Connection, refer to the User's Guide [Network Administrator] supplied together with the MFP.

Item Description

Certificate Verification Settings

Timeout Enter the timeout period to check the expiration date.

OCSP Service Select this check box to use an OCSP service.

URL Enter the URL of the OCSP service (up to 511

Proxy Server Address To check the expiration date via a proxy server, enter

Select [ON] to enable certificate verification.

characters). If this item is left blank, the system accesses the URL of the OCSP service embedded in the certificate. If the URL of the OCSP service is not embedded in the certificate, it will result in an error.

the proxy server address. If the DNS server is specified, you can enter the host name instead. If [IPv6] is set to [ON], you can also specify the IPv6 address.

AU-211P 16

Getting Started

Item Description

Proxy Server Port Number

User Name Enter the user name to log in to the proxy server (up to

Password Enter the password to log in to the proxy server (up to

Address not using Proxy Server

Enter the port number for the proxy server.

63 characters).

63 characters). When changing the registered password, select [Password is changed.], and enter a new password.

Specify an address with no proxy server used depending on your environment when checking the expiration date. If the DNS server is specified, you can enter the host name instead. If [IPv6] is set to [ON], you can also specify the IPv6 addresses.

AU-211P 17

Getting Started

External Certificate Setting

In the PageScope Web Connection administrator mode, select and then

Detail

• To check the root signature in Certificate Verification, register the external certificate you want to view when checking the root signature as necessary.

• For details on how to use PageScope Web Connection, refer to the User's Guide [Network Administrator] supplied together with the MFP.

[Security] ,

[PKI Settings] - [External Certificate Setting].

Item Description

Certificate type Select the type of the external certificate you want to

display, and click [Changes the display]. You will see a list of the selected types of external certificates.

[New Registration] Click this button to register a new external certificate.

Click [Browse] in the New Registration screen, and specify a new external certificate.

Issuer Displays the issuer of the external certificate.

Subject Displays the destination to issue the external certificate.

Validity Period Displays the validity period of the external certificate.

Detail View the detailed information about the external

Delete Displays the deletion confirmation dialog box. If

AU-211P 18

certificate.

necessary, you can delete the external certificate.

Getting Started

Item Description

File Click [Browse] in the Import Certificates (PEM/DER)

screen, and specify a new external certificate to be registered.

• If [Trusted CA Root Certificate] is selected, register the root certificate from the CA (Certificate Authority).

• If [Trusted CA Intermediate Certificate] is selected, register the intermediate certificate from the CA (Certificate Authority).

• If [Trusted EE (End Entity) Certificate] is selected, register the certificates individually.

• If [Non-Trusted Certificate] is selected, register the non-trusted certificates individually.

AU-211P 19

+ 45 hidden pages