PDA

View Full Version : Bizhub 363 CAC/PIV setup issue


Custom Search


CompyTech
04-17-2013, 07:21 PM
I've been on site with their IT. I set up the device according to instructions. They have configured the device to connect to AD server with their certificates installed. I have no freaking clue about this thing. We can't get it authenticate or print with the print without authentication turned on. I think it's a setting they are missing. Anyone deal with those before have an idea?

emujo
04-17-2013, 09:44 PM
There is usually some special firmware for the CAC/PIV, and you need to install the loadable device driver in order for the AU to work. There is also a setting in the billing section to enable the AU..Can you log into the MFP at the control panel using the given AD credentials? EMujo

CompyTech
04-17-2013, 11:35 PM
There is usually some special firmware for the CAC/PIV, and you need to install the loadable device driver in order for the AU to work. There is also a setting in the billing section to enable the AU..Can you log into the MFP at the control panel using the given AD credentials? EMujo

Spec fw has been loaded. And device driver. I even updated the base fw to latest version. The device is enabled the problem is it just won't authenticate when you try to login. It gives no indication to what the Error is other then authentication failed. I would assume that the active directory server is set correctly but then again I do not have access to it to know what it is. Their IT says it is set the same as his xerox. But I don't work on Xerox so I don't have a clue.

rrrohan
04-18-2013, 12:18 AM
Spec fw has been loaded. And device driver. I even updated the base fw to latest version. The device is enabled the problem is it just won't authenticate when you try to login. It gives no indication to what the Error is other then authentication failed. I would assume that the active directory server is set correctly but then again I do not have access to it to know what it is. Their IT says it is set the same as his xerox. But I don't work on Xerox so I don't have a clue.


can you log in using username and password instead of using AU.

CompyTech
04-18-2013, 12:36 AM
can you log in using username and password instead of using AU.I guess I never tried that. I suggested it once, they blew that idea off. They want to use the cards. That's what they told me.

Gort
04-18-2013, 01:56 AM
I have done several CAC installs, they can be a pain.
Make sure the time server is set and the time on the MFP is in sync with the AD server. Ideally the NTP (time server) server is the AD server. Most CAC/PIV authentications will fail if the time sync is off by 10 seconds or less. Enable the auto update for the time server.
From the Admin. menu, network menu, details screen, Ping the AD server entered in the User Authentication/Account Track screen. Ping the server 3 times in a row. If any ping fails there is a latency/connection problem.
After the user inserts their card and enters their log-in and password, the display will show a progress bar 3 times. If the first progress screen fails the MFP is not hitting the server. The second and third tries can be user access, time sync and several other issues.
Many of the CAC installs I have had problems with were due to vlan or router/switch problems. If the AD server is on a different sub-net you may try to open your subnet mask to 255.255.0.0
As far as printing goes the CAC/PIV firmware requires a special CAC/PIV print driver. The print driver on the CD and the one on the "Public" site will not work properly when CAC firmware is installed on the MFP.

CompyTech
04-18-2013, 03:58 AM
Thanks, these are things to consider. I never even thought of time being off. But yeah the progress bar goes through once then the authentication fails after that. I quess the fun part will be trying to find those drivers for printing. I thought of that too, but I couldnt find anything specific. I looked on public and the tech portal page.

rrrohan
04-18-2013, 09:49 AM
I guess I never tried that. I suggested it once, they blew that idea off. They want to use the cards. That's what they told me.

no i mean log in with password on the account to make sure the account works.

otherwise you might be swipping away and blaming the AU device when it may just be the accounts arent even registering

Gort
04-20-2013, 03:24 AM
1.) DNS settings are critical on CAC/PIV installs. Make sure you can ping the DNS name, not the fully qualified domain name (FQDN) of the AD server. If your AD serve is: "adserver01.ds.blah.net", make sure you can ping "adserver01" from the MFP (without the "blah.net").
2.) If the server is on a government network, confirm the AD server is current and active. Government networks have a bad habit of changing servers without warning.
3.) Check the "Card Type" is set to the proper type of card being used, CAC or PIV. Typically CAC cards are on military networks (.mil at the end of the domain), (e.g.: ngaany.ds.army.mil, ctnavyds01.navy.mil, or usaf.mil). PIV cards are commonly used on non-military networks: ".gov", ".local", ".com".
If I recall, the "Card Type" is under Admin Mode > User Authentication/Account Track > Authentication Device Type

4.) The CAC/PIV print drivers are found on the One Stop Support site under: Solutions > AU2xx CAC/PIV > Drivers.

TheOwl
04-21-2013, 11:28 PM
You say you can't get the machine to print with "Print without Authentication" set to Allow?

Just check you print driver and make sure that "User Authentication" is set to Disable. Because User Auth is enabled on the machine as such, the driver automatically picks up on that, so you will also need to turn off the Auto Obtain Setting.

CompyTech
05-21-2013, 07:39 PM
We finally got it to work. The printing works fine now, their IT figured out how to configure the PD. I got the CAC to authenticate finally. All that was required to get it to work? I have no idea. I just followed the steps the specialist gave me over the phone, (along with the install survey sheet with all the info I needed) that was not in the install instructions. I am now CAC/PKI certifiable. lol :rolleyes:

Custom Search