Laserjet M4345 Upgrade domain from 2003 - 2008. authentica​tion not working. (1178 Views)
Reply
Occasional Contributor
sammyW
Posts: 6
Registered: ‎11-25-2010
Message 1 of 6 (1,178 Views)

Laserjet M4345 Upgrade domain from 2003 - 2008. authentica​tion not working.

 just finished upgrading my Domain from Windows 2003 Server to Windows 2008 Server. I also upgraded the Firmware to the latest on my HP Laserjet M4345 Printers. I am able to print, however I can no longer sign in to the printer with domain authentication to scan or email. The error is LDAP authentication failed. I checked the settings and nothing seemed to have changed besides the DNS IP addresses which I changed on the printer.

 

There was another thing which may be an issue after I resolve the LDAP problem. I noticed that for the Scan to Folder Settings it is still asking for a WINS Server although I did not set up Wins on my new domain Controller 2008 since all my machines are Windows XP or higher.

 

But I need to resolve the LDAP issue first.

 

If anyone has any advice to help me it would be greatly appreciated.

 

Thanks,

HP Pro
Rick_106
Posts: 3
Registered: ‎01-10-2011
Message 2 of 6 (1,086 Views)

Re: Laserjet M4345 Upgrade domain from 2003 - 2008. authentica​tion not working.

Hi Sammy,

 

Sorry that it has taken so long for someone to reply, but LDAP authentication is an area where not a lot of people have expertise. I can sure try to help you.

 

One of the best ways to determine what changed in your LDAP environment by upgrading from 2003 to 2008 is to use an LDAP browser. There are a couple that I'm familiar with - Softerra, and LDP. Softerra can be found on the web, and downloaded for free, and LDP.EXE was provided in Server 2003 in the \Support\tools folder. I'm not sure if it ships with Server 2008.

 

The following document describes how to use Softerra LDAP browser. Have you used either of these tools before? The reason for using these tools is to look at  LDAP attributes like the default naming context and SAMAccountName, Mail, etc. to see what, if anything, changed in the environment.

 

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00028506&jumpi...

 

I'll do some additional research and see what I can find. In the meantime, you might look at either of these tools and attempt to look at the LDAP attributes for a typical "user" object in the Active Directory.


Rick

Although I am an HP employee, I am speaking for myself and not for HP

Please mark the post that solves your problem as "Accepted Solution"

Say "Thanks" by clicking the Kudos Star in the post that helped you.
HP Pro
Rick_106
Posts: 3
Registered: ‎01-10-2011
Message 3 of 6 (1,085 Views)

Re: Laserjet M4345 Upgrade domain from 2003 - 2008. authentica​tion not working.

Oh, one more thing. Are you using Simple bind or Simple over SSL? If you're using Simple over SSL, the solution may be a bit more complicated because the problem may have something to do with the certificate used.

With AD, Kerberos may be simpler to configure and more secure, but I understand that companies standardize on a specific method.
Rick
Although I am an HP employee, I am speaking for myself and not for HP

Please mark the post that solves your problem as "Accepted Solution"

Say "Thanks" by clicking the Kudos Star in the post that helped you.
Occasional Contributor
sammyW
Posts: 6
Registered: ‎11-25-2010
Message 4 of 6 (1,083 Views)

Re: Laserjet M4345 Upgrade domain from 2003 - 2008. authentica​tion not working.

I actually had a small work around, which may be the only solution. When I upgraded to windows 2008, I was told that as long as all my ,achines were XP or higher, it was not neccessary to install WINS Server. But I noticed in the HP Printer properties it was asking for a WINS server, so I went and installed WINS on 2008 even though I didn't want to and then the authentication worked.

 

I can change it to Kerobos, but when I was with 2003 I was having problems which is why I went with LDAP. But maybe with 2008, Kerobos will work better.

 

Thanks,

HP Pro
Rick_106
Posts: 3
Registered: ‎01-10-2011
Message 5 of 6 (1,074 Views)

Re: Laserjet M4345 Upgrade domain from 2003 - 2008. authentica​tion not working.

Hi Sammy,

 

It's strange that LDAP authentication started working when you configured a WINS server. As far as I know, WINS is only required for the Send to Folder functionality, not for LDAP authentication.

 

Is LDAP authentication working for you now? If not, please let us know if we can help.

 

If you get a chance, and Kerberos is acceptable, you might try to configure it again. I believe that it is our most secure embedded authentication mechanism.

 

If you decide to configure it, there are a couple of key points to consider:

1. The Kerberos realm must be in caps, for example,  AMERICAS.ABCCORP.NET

2.  I would start with using Public Credentials (your username and password), and then change to Use Device User's Credentials when everything is working.

3. The LDAP server can be the same (and typically is) as the Kerberos server (DC)

4. The search root describes the container in the LDAP tree where the search will start. The search occurs to obtain the authenticated user's email address. The search root that you're using for LDAP authentication should work.

5. The "retrieve device user's" email address should contain the LDAP attribute containing the user's email address, typically "mail" in active directory (without quotes)

6. The "retreive device users" display name should contain the LDAP attribute containing the user's display name, typically displayName in active directory (without quotes)

 

I hope that this is helpful,

Rick

Although I am an HP employee, I am speaking for myself and not for HP

Please mark the post that solves your problem as "Accepted Solution"

Say "Thanks" by clicking the Kudos Star in the post that helped you.
Occasional Contributor
sammyW
Posts: 6
Registered: ‎11-25-2010
Message 6 of 6 (1,072 Views)

Re: Laserjet M4345 Upgrade domain from 2003 - 2008. authentica​tion not working.

I will try as soon as I get a chance. We are using Send to Folder which s why I had to put in WINS. I can't recall if the LDAp was fixed with the WINS as well or perhaps prior to that. I will try the Kerobos as soon as I get a chance.

 

Thanks,

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.