Windows Authentication

Specify this authentication method when using the Windows domain controller to authenticate users who have accounts on the directory server. Users cannot be authenticated if their accounts are not registered in the directory server. Under Windows authentication, you can specify the access limit for each group registered to the directory server. The Address Book stored in the directory server can be registered to the printer, so that user authentication can be enabled without using the printer to register individual settings in the Address Book.

The first time you access the printer, you can use the functions available to your group. If you are not registered to a group, you can use the functions available under "*Default Group". To limit the functions that are available to users, first configure the Address Book.

Important

  • During Windows Authentication, data registered to the directory server, such as the login user name, is automatically registered to the printer. If user information on the server is changed, information registered to the printer may be overwritten when authentication is performed.

  • Users in other domains are subject to user authentication, but they cannot obtain credentials such as login user names.

  • If you created a new user in the domain controller and selected "User must change password at next logon" when configuring the password, first log in to the computer and change the password.

  • If Kerberos authentication is selected on the printer but the authenticating server only supports NTLM, the authentication method automatically switches to NTLM.

  • If the "Guest" account on the Windows server is enabled, even users not registered to the domain controller can be authenticated. When this account is enabled, users are registered to the Address Book and can use the functions available under "*Default Group".

Windows authentication can be performed using one of two authentication methods: NTLM or Kerberos authentication. The operational requirements for both methods are listed below:

Operational requirements for NTLM authentication

To specify NTLM authentication, the following requirements must be met:

  • This printer supports NTLMv1 authentication and NTLMv2 authentication.

  • A domain controller has been set up in a designated domain.

  • NTLM authentication is supported in the following operating systems:

    • Windows Server 2003/2003 R2

    • Windows Server 2008/2008 R2

    • Windows Server 2012/2012 R2

  • When running Active Directory, use LDAP to obtain user information. It is recommended to use SSL to encrypt communication between the printer and the LDAP server. Encryption by SSL is possible only if the LDAP server supports TLSv1 or SSLv3.
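The behaviors described above (automatic switching from Kerberos to NTLM, NTLMv1 support, and authentication through an enabled "Guest" account) can be reviewed from the domain controller side. The following is an added example, not part of the printer documentation: it assumes successful logon events (Event ID 4624) have been exported from the domain controller's Security log as dictionaries, and the printer address, function names and sample events are constructed for illustration.

```python
# Added example: review exported Windows 4624 logon events that came from the printer.
# PRINTER_IPS, audit_printer_logons and SAMPLE_EVENTS are constructed for illustration.
PRINTER_IPS = {"192.0.2.50"}  # assumption: the printer's address (documentation range)


def audit_printer_logons(events, printer_ips=PRINTER_IPS, kerberos_expected=True):
    """Return (user, finding) tuples for printer logons that deserve review."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 4624 or ev.get("IpAddress") not in printer_ips:
            continue  # not a successful logon from the printer
        user = ev.get("TargetUserName", "")
        package = ev.get("AuthenticationPackageName", "")
        sid = ev.get("TargetUserSid", "")
        # Kerberos selected on the printer, but the logon fell back to NTLM.
        if kerberos_expected and package == "NTLM":
            findings.append((user, "NTLM used although Kerberos is selected"))
        # The printer supports NTLMv1 as well as NTLMv2; surface v1 use.
        if package == "NTLM" and ev.get("LmPackageName") == "NTLM V1":
            findings.append((user, "NTLMv1 negotiated"))
        # The built-in Guest account keeps RID 501 even if it is renamed.
        if sid.startswith("S-1-5-21-") and sid.endswith("-501"):
            findings.append((user, "authenticated through the Guest account"))
    return findings


def make_event(ip, user, rid, package, lm="-"):
    """Build one constructed 4624 record with only the fields used above."""
    return {"EventID": 4624, "IpAddress": ip, "TargetUserName": user,
            "TargetUserSid": f"S-1-5-21-1111111111-2222222222-3333333333-{rid}",
            "AuthenticationPackageName": package, "LmPackageName": lm}


# Constructed sample data, not taken from a real log.
SAMPLE_EVENTS = [
    make_event("192.0.2.50", "alice", 1104, "Kerberos"),
    make_event("192.0.2.50", "bob", 1105, "NTLM", "NTLM V2"),
    make_event("192.0.2.50", "carol", 1106, "NTLM", "NTLM V1"),
    make_event("192.0.2.50", "Guest", 501, "NTLM", "NTLM V2"),
    make_event("192.0.2.77", "dave", 1107, "NTLM", "NTLM V1"),  # not the printer
]

if __name__ == "__main__":
    for user, finding in audit_printer_logons(SAMPLE_EVENTS):
        print(f"{user}: {finding}")
```

Pass `kerberos_expected=False` when NTLM is the method selected on the printer, so that only NTLMv1 use and Guest-account logons are reported.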

Operational requirements for Kerberos authentication

To specify Kerberos authentication, the following requirements must be met:

  • A domain controller must be set up in a designated domain.

  • Kerberos authentication is available in the following operating systems that support KDC (Key Distribution Center):

    • Windows Server 2003/2003 R2

    • Windows Server 2008 (Service Pack 2 or later)/2008 R2

    • Windows Server 2012/2012 R2

  • When running Active Directory, use LDAP to obtain user information. It is recommended to use SSL to encrypt communication between the printer and the LDAP server. Encryption by SSL is possible only if the LDAP server supports TLSv1 or SSLv3.

  • Data transmission between the printer and the KDC server is encrypted if Kerberos authentication is enabled. For details about specifying encrypted transmission, see Kerberos Authentication Encryption Setting.

Note

  • For the characters that can be used for login user names and passwords, see Usable characters for user names and passwords.

  • When accessing the printer subsequently, you can use all the functions available to your group and to you as an individual user.

  • Users who are registered to multiple groups can use all the functions available to those groups.

  • Under Windows Authentication, you can specify whether or not to use secure sockets layer (SSL) authentication.

  • To automatically register user information under Windows authentication, it is recommended that communication between the printer and domain controller be encrypted using SSL. To do this, you must create a server certificate for the domain controller. For details about creating a server certificate, see Creating the Server Certificate.

  • Under Windows Authentication, you do not need to create a server certificate unless you want to automatically register user information using SSL.