NTLM Authentication

NTLM is an authentication protocol used in a variety of Microsoft networks. Use the NTLM Authentication page to set up the device so that an MFP user can authenticate at the control panel with their Microsoft network credentials.

NTLM Server Settings

·         Primary WINS Server – Use the Primary WINS Server setting to specify either the host name or IP address of the primary WINS server.

·         Secondary WINS Server – Use the Secondary WINS Server setting to specify the host name or IP address of a backup WINS server.

·         Default Domain – The Windows domain used by this MFP when the user does not enter one at the control panel.

·         NTLM Authentication Setting – Use the NTLM Authentication setting to specify the authentication setting used by the domain controllers on the network.

o       Send LM and NTLM encrypted password

§         Win 95

§          Win 98

§          Win ME

§          Mixed devices.

o       Send NTLM encrypted password

§         Win NT (earlier than service pack 4)

o       Use NTLM V2 Authentication

§         Win NT service pack 4

§          Win 2K or later operating systems

o       NOTE: The LM response is far weaker than NTLM, and both are weaker than NTLMv2. Select Use NTLM V2 Authentication unless the domain controllers on the network are too old to accept it; the older settings exist only for the legacy systems listed above.

·         User information retrieval method

o       Use pseudo email address and alias

§         Example: john(america){noreply@america}

o       Use LDAP to obtain email address and alias

§         Use an LDAP server to return the email address associated with the user credentials entered.

Accessing the LDAP Server

·         LDAP Server Bind Method – Selects how the MFP will connect to the LDAP server. Check with your LDAP server’s administrator to determine the proper connection method.

o       Anonymous – The selected LDAP server does not require user credentials to access the LDAP database.

o       Simple – The selected LDAP server requires user credentials (the Distinguished Name and Password below).

§         NOTE: With a simple bind the password, if any, is sent across the network unencrypted, so anyone able to capture traffic between the MFP and the LDAP server can read it. Use an account with read-only rights limited to the search root.

·         Credentials

o       Distinguished Name (Username) and Password

§         The credentials used to bind to a specific path (or sub-tree) in the LDAP server. The Distinguished Name must be given explicitly and in full. It is recommended that the bind path specified in the Distinguished Name match (or lie within) the Search Root field. This ensures that the bind identity has sufficient privileges to search from the specified search root.

§         NOTE: If a connection to the LDAP server wasn’t already explicitly established prior to the bind, the connection is implicitly established at bind time.

·         LDAP Server – The host name or IP address of the LDAP server whose database contains the centralized address book.

o       NOTE: Some MFP models only recognize IP addresses. In such cases, host names will be converted to the equivalent IP address.

·         Port – The TCP/IP port number on which the server is processing LDAP requests. Typically, this is port 389.

Searching the Database

·         Search Root – The Distinguished Name (DN) of the entry in the LDAP directory structure where address searching is to begin. A DN is made up of ‘attribute=value’ pairs, separated by commas.

o       Example:

§         ou=engineering,o=Hewlett Packard,c=US

§         ou=marketing,o=Hewlett Packard,c=US

§         o=hp.com

§         ou=engineering,cn=users,dc=hp,dc=com

o       NOTE: On some LDAP servers, the Search Root can be left blank (in which case its root node will be assumed).

·         Match the name entered with the LDAP attribute of – The attribute in the LDAP database that identifies a person in the address book. The value of this attribute will be compared to the logon ID entered by the MFP user in order to retrieve that person’s email address. The following are some, but not all, possible LDAP attributes.

o       Example:

§         uid – User Identifier

§         cn – Common Name

§         sn – Surname (Last Name)

§         givenName – First Name

·         match the MFP user logon ID

o       as entered – Select this value to match only the User name entered at the MFP's control panel.

o       as 'NT Domain\User name' – Select this value to include both the NT Domain name and User name entered at the MFP's control panel in the matching process. The Logon ID will be in the form Domain\Username. This option is only available if Microsoft Windows has been selected as the Authentication Method.

o       as 'NT Domain:User name' – Select this value to include both the NT Domain name and User name entered at the MFP's control panel in the matching process. The Logon ID will be in the form Domain:Username. This option is only available if Microsoft Windows has been selected as the Authentication Method.

·         Retrieve the device user’s email address using attribute of – The LDAP attribute that contains the person’s e-mail address. The following are some, but not all, possible LDAP attributes.

o       Example:

§         rfc822MailBox

§         mail

·         and name using the attribute of – The LDAP attribute that contains the person’s name.

o       Example:

§         uid – User Identifier

§         cn – Common Name

§         sn – Surname (Last Name)

§         givenName – First Name

·         Test – Tests the validity of your settings. This test can take a few moments to complete.
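The bind-DN recommendation under Accessing the LDAP Server and the lookup described under Searching the Database, worked through in code. This is an added example and is not HP firmware or any HP tool: the directory entries, the bind DN and the SETTINGS dictionary are constructed for illustration, and an in-memory search stands in for the subtree search a real LDAP server would perform. It shows the three logon ID forms, RFC 4515 escaping of the value placed in the filter, scoping by Search Root, and why an ambiguous match should be refused rather than resolved to the first hit.

```python
import re

# Constructed sample directory standing in for the LDAP server's database.
# DNs follow the Search Root examples on this page; the people are invented.
DIRECTORY = [
    {"dn": "cn=John Smith,ou=engineering,cn=users,dc=hp,dc=com",
     "uid": "john", "cn": "John Smith", "sn": "Smith",
     "givenName": "John", "mail": "john.smith@hp.com"},
    {"dn": "cn=Jane Doe,ou=marketing,cn=users,dc=hp,dc=com",
     "uid": "jane", "cn": "Jane Doe", "sn": "Doe",
     "givenName": "Jane", "mail": "jane.doe@hp.com"},
    # A non-person entry outside cn=users that happens to reuse a uid.
    {"dn": "cn=Old Printer,ou=devices,dc=hp,dc=com",
     "uid": "john", "cn": "Old Printer", "mail": "printroom@hp.com"},
]

# Hypothetical settings dictionary mirroring the fields on this page.
SETTINGS = {
    "bind_dn": "cn=mfp-lookup,cn=users,dc=hp,dc=com",
    "search_root": "cn=users,dc=hp,dc=com",
    "match_attr": "uid",         # Match the name entered with the LDAP attribute of
    "logon_form": "as entered",  # or "as 'NT Domain\\User name'" / "as 'NT Domain:User name'"
    "mail_attr": "mail",         # Retrieve the device user's email address using attribute of
    "name_attr": "cn",           # and name using the attribute of
}


def parse_dn(dn):
    """Split a DN into (type, value) pairs, honouring '\\,' escapes (RFC 4514).
    Types are case-insensitive; values are lower-cased here because the usual
    name-style syntaxes compare case-insensitively."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        part = part.strip()
        if part:
            attr, _, value = part.partition("=")
            rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def dn_is_under(dn, root):
    """True when dn is root itself or lies in root's subtree. A blank root
    means the server's root node, as the Search Root note says."""
    root_rdns = parse_dn(root)
    if not root_rdns:
        return True
    dn_rdns = parse_dn(dn)
    return len(dn_rdns) >= len(root_rdns) and dn_rdns[-len(root_rdns):] == root_rdns


def escape_filter_value(value):
    """Escape a value for use inside a search filter (RFC 4515). Without this
    a logon ID such as 'a)(mail=*' would rewrite the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_logon_id(domain, username, form):
    """Combine what the user typed at the control panel per 'match the MFP
    user logon ID'."""
    if form == "as entered":
        return username
    if form == "as 'NT Domain\\User name'":
        return f"{domain}\\{username}"
    if form == "as 'NT Domain:User name'":
        return f"{domain}:{username}"
    raise ValueError(f"unknown logon ID form: {form}")


def lookup_user(settings, domain, username, directory=DIRECTORY):
    """Resolve the MFP user's email address and name.

    Returns None when nothing matches and raises LookupError when more than
    one entry matches: silently taking the first hit could hand the panel
    another person's address."""
    logon_id = build_logon_id(domain, username, settings["logon_form"])
    ldap_filter = f"({settings['match_attr']}={escape_filter_value(logon_id)})"
    # In-memory stand-in for a subtree search from the Search Root. The
    # server would decode the escaped filter, so compare the raw logon ID.
    wanted = logon_id.lower()
    hits = [e for e in directory
            if dn_is_under(e["dn"], settings["search_root"])
            and str(e.get(settings["match_attr"], "")).lower() == wanted]
    if not hits:
        return None
    if len(hits) > 1:
        raise LookupError(f"{ldap_filter} matched {len(hits)} entries under "
                          f"'{settings['search_root'] or '<root>'}'")
    entry = hits[0]
    return {"filter": ldap_filter,
            "email": entry.get(settings["mail_attr"]),
            "name": entry.get(settings["name_attr"])}


if __name__ == "__main__":
    print("bind DN inside search root:",
          dn_is_under(SETTINGS["bind_dn"], SETTINGS["search_root"]))
    print(lookup_user(SETTINGS, "AMERICA", "john"))
    print("escaped:", escape_filter_value("a)(mail=*"))
    try:
        lookup_user(dict(SETTINGS, search_root=""), "AMERICA", "john")
    except LookupError as err:
        print("ambiguous with blank search root:", err)
```

With the search root set to cn=users,dc=hp,dc=com the lookup for "john" returns John Smith's address; with a blank search root the same filter also matches the device entry under ou=devices and the lookup is refused. The 'NT Domain\User name' form only matches if the directory stores the logon ID in that same form, which is the first thing to check when the Test button reports no match.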