Ricoh and Windows Auth

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • mrwho
    Major Asshole!

    Site Contributor
    2,500+ Posts
    • Apr 2009
    • 4305

    Ricoh and Windows Auth

    Hello there, guys and girls!

    I've a colleague here that is trying to setup a couple of Ricoh machines (MPC2030 and MPC2050) at our showroom with windows authentication. He's having a trouble that I, due to my lack of experience with this, was unable to help him with. So we're turning to this forum, because surely someone else has had this problem before.

    After all is set up, the users must wait for a long time when logging in (34 seconds, according to him). Anyone can shed a light over this?

    And, since I'm at it, can someone please explain what's the real advantage of Windows authentication over Basic authentication?

    Cheers!
    ' "But the salesman said . . ." The salesman's an asshole!'
    Mascan42

    'You will always find some Eskimo ready to instruct the Congolese on how to cope with heat waves.'

    Ibid

    I'm just an ex-tech lurking around and spreading disinformation!
  • unisys12
    Trusted Tech

    250+ Posts
    • Jul 2007
    • 490

    #2
    From the Knowledge Base...

    Specify this authentication when using the Windows domain controller to authenticate users who have their accounts on the directory server. Users cannot be authenticated if they do not have their accounts in the directory server. Under Windows authentication, you can specify the access limit for each group registered in the directory server. The Address Book stored in the directory server can be registered to the machine, enabling user authentication without first using the machine to register individual settings in the Address Book. If you can obtain user information, the sender's address (From is fixed to prevent unauthorized access when sending e-mails under the scanner function and forwarding received e-mails.
    Windows authentication can be performed using one of two authentication methods: NTLM or Kerberos authentication. The operational requirements for both methods are listed below.

    Operational Requirements for NTLM authentication
    To specify NTLM authentication, the following requirements must be met:
    • This machine only supports NTLMv1 authentication.
    • A domain controller has been set up in a designated domain.
    • This function is supported by the operating systems listed below. To obtain user information when running Active Directory, use LDAP. If SSL is being used, a version of Windows that supports TLS v1, SSL v2, or SSL v3 is required.
      • Windows NT 4.0 Server
      • Windows 2000 Server
      • Windows Server 2003/Windows Server 2003 R2
      • Windows Server 2008


    Operational Requirements for Kerberos authentication
    To specify Kerberos authentication, the following requirements must be met:
    • A domain controller must be set up in a designated domain.
    • The operating system must be able to support KDC (Key Distribution Center). To obtain user information when running Active Directory, use LDAP. If SSL is being used, a version of Windows that supports TLSv1, SSLv2, or SSLv3 is required. Compatible operating systems are listed below.
      • Windows 2000 Server
      • Windows Server 2003/Windows Server 2003 R2
      • Windows Server 2008


    Important
    • During Windows Authentication, data registered in the directory server, such as the user's e-mail address, is automatically registered in the machine. If user information on the server is changed, information registered in the machine may be overwritten when authentication is performed.
    • Users managed in other domains are subject to user authentication, but they cannot obtain items such as e-mail addresses.
    • If you have created a new user in the domain controller and selected "User must change password at next logon", log on to the machine from the computer to change the password before logging on from the machine's control panel.
    • If the authenticating server only supports NTLM when Kerberos authentication is selected on the machine, the authenticating method will automatically switch to NTLM.
    • If Kerberos authentication and SSL encryption are set at the same time, e-mail addresses cannot be obtained.

    Note:
    • Enter the login password correctly; keeping in mind that it is case-sensitive.
    • The first time you access the machine, you can use the functions available to your group. If you are not registered in a group, you can use the functions available under "*Default Group". To limit which functions are available to which users, first make settings in advance in the Address Book.
    • When accessing the machine subsequently, you can use all the functions available to your group and to you as an individual user.
    • Users who are registered in multiple groups can use all the functions available to those groups.
    • A user registered in two or more global groups can use all the functions available to members of those groups.
    • If the "Guest" account on the Windows server is enabled, even users not registered in the domain controller can be authenticated. When this account is enabled, users are registered in the Address Book and can use the functions available under "*Default Group".

    As you can see, there's alot of advantages to using Win Authentication.

    As for your log in's taking so long... Well, since everything is done at the server, then I would say that it would have to have something to do with the communication between the domain controller and the MFP.
    sigpic
    The first law states that energy is conserved: The change in the internal energy is equal to the amount added by heating minus the amount lost by doing work on the environment.

    Comment

    Working...