
HP Digital Sender 9100c - Configuring the HP Digital Sender to Work With IIS

Web server for authentication

In the past, users could be authenticated when opening the Address Book Manager (ABM) from their computers or when sending at the HP Digital Sender itself. Now it is possible to authenticate users trying to send from the HP Digital Sender using a Web server. A Web server controls access to one or more of its resource items, pages, programs, or other objects. A browser-like client can request these on the computer or network. In this case, the browser-like client is the digital sender. The Web server can ask the browser-like requestor (digital sender) for user credentials, such as a user account name and corresponding password. Before returning the requested resource, the Web server can verify the user account name and password against a user account database, such as the Windows NT domain user account database, on the local computer or the Windows NT domain controller. After checking against the user account database, one of the following situations occurs:
note:
For the greatest assurance that users are not sending e-mail and faxes using someone else’s name, Guest usage must be disabled on all digital senders.

Using the Internet Information Services (IIS) Web server

Although it is possible to use any Web server for authentication, Microsoft (R) Internet Information Services (IIS) contains a Web server useful for user authentication. Because IIS and its Web server are integrated into the Microsoft operating system, they are easy to use for configuring authentication. IIS, which is part of the Microsoft Back Office, is an option included with Windows NT 4.0 Server edition, Windows 2000 Server edition, and NT 4.0 Option Pack. When authenticating users, the IIS Web server checks the user account name and password against the user account database of the local Windows NT or 2000 operating system and/or the NT domain. This check is commonly referred to as NT user authentication, or NTLM. Use the following directions to prepare the IIS Web server to authenticate digital sender users.

The authentication cycle

  1. The HP Digital Sender submits a username and password to the Web server.
  2. The Web server requests authentication from the Network Logon Server.
  3. The Network Logon server replies with user verification to the Web server.
  4. The Web server replies with user verification to the HP Digital Sender.
  5. The HP Digital Sender queries for an SMTP address from a matching user profile (from Address Book Manager).
  6. An SMTP address is populated in the From: field.
  7. If no matching user profile is found, then:
    The HP Digital Sender queries the LDAP server for an SMTP address for the username.
  8. The LDAP server returns an SMTP address to the From: field.

Preparing the IIS Web server to work with the HP Digital Sender

note:
Requires IIS version 4 for Windows NT 4.0 or version 5 for Windows 2000. IIS must be running on a server in a domain or in a trusted domain.
Open IIS and set up a home directory or virtual directory for the IIS Web server in Default Web Site. It is highly recommended that a home or virtual directory be created just for the purpose of digital sender user authentication against Windows.
In Windows Explorer, place a default html page in the physical directory with which the virtual directory is associated. For performance reasons, it is highly recommended that this physical directory be located on the same server as the one hosting the IIS Web Server.

Use the following steps as an example:

  1. Find www root directory via Explore and create a subdirectory for the digital sender.
  2. Copy the default.htm file from www root to the digital sender subdirectory.
  3. Create a Virtual directory dedicated to the Digital Sender user authentication. Right-click New and select Virtual Directory (Figure 1).
  4. In the Internet Service Manager, select Default Web Site object, then right-click and scroll to select New.
    Figure 1: Clicking New and selecting Virtual Directory
  5. Name the new Virtual Directory, and click Next.
  6. Select a physical path for the virtual directory, then click Next. This directory needs to be an existing directory.
    note:
    WWWRoot is the Main Web directory.
  7. Verify that Read is checked, and then click Finish.
    note:
    Read and Script are the default permissions. The minimum permission allowed is Read.
  8. Right-click the virtual directory created and select Properties.
  9. Select the Directory Security tab. In the Anonymous Access and Authentication Control section, select Edit.
  10. Clear the Anonymous and Windows NT Challenge/Response options. Select the Basic Authentication option and click Yes when the plain text warning message appears.
  11. Select Edit in the Authentication Methods Screen and enter the Authentication Domain Name.
  12. Close the virtual directory properties dialog boxes.
  13. Right-click the Virtual Directory and select Explore to access the physical directory of the Virtual Directory.
  14. Right-click the physical directory and select Properties. Click the Security tab, then Permissions. In the Directory Permissions dialog, add the users allowed to log in to the HP Digital Sender by pointing to the user logon domain (Figure 2).
    note:
    Read permission is all that is required for users at the Directory level.
    Figure 2: Adding users Allowed to logon to the Digital Sender
  15. Right-click the default Web page (e.g., default.htm in the physical directory) and select Properties. Click the Security tab, and select Permissions. In the File Permissions dialog, add the users allowed to log on to the HP Digital Sender.
    note:
    Read permission is all that is required for users at the File level.
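
Steps 9 and 10 leave Basic Authentication as the only method on the virtual directory, and the plain text warning refers to how Basic credentials travel: base64-encoded, not encrypted. The Python sketch below is an added example, not HP or Microsoft code; it decodes a Basic header and checks the reply to an unauthenticated request against those steps. The host name, path, account, password and the domain\username account form are constructed assumptions.

```python
import base64

def basic_header(account, password):
    """Authorization value a Basic client sends: base64 of 'account:password'."""
    raw = f"{account}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def decode_basic(header_value):
    """Recover (account, password); no key is needed, only base64 decoding."""
    scheme, _, blob = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    # Split on the first colon only: the password itself may contain colons.
    account, _, password = base64.b64decode(blob).decode("utf-8").partition(":")
    return account, password

def audit_challenge(url, status, www_authenticate):
    """Review the reply to an unauthenticated GET of the authentication URL.

    www_authenticate is the list of WWW-Authenticate header values received.
    Returns a list of findings (strings) for an administrator to act on.
    """
    findings = []
    schemes = {v.split()[0].lower() for v in www_authenticate if v.strip()}
    if status != 401:
        findings.append("anonymous access is still allowed")
    if "basic" not in schemes:
        findings.append("Basic Authentication is not offered")
    if schemes & {"ntlm", "negotiate"}:
        findings.append("Windows NT Challenge/Response is still enabled")
    if url.lower().startswith("http://"):
        findings.append("password is only base64-encoded on the wire")
    return findings

# Constructed sample data (not captured from a real device or server).
SAMPLE_URL = "http://authserver.example/dsauth/default.htm"
SAMPLE_HEADER = basic_header("CORP\\jsmith", "S3cret:pw")

if __name__ == "__main__":
    print(decode_basic(SAMPLE_HEADER))
    print(audit_challenge(SAMPLE_URL, 401, ['Basic realm="CORP"']))
    print(audit_challenge(SAMPLE_URL, 200, []))
    print(audit_challenge(SAMPLE_URL, 401, ["NTLM", 'Basic realm="CORP"']))
```
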

Preparing the HP Digital Sender

  1. Upgrade the HP Digital Sender 9100C to Firmware version 4.0 or greater.
  2. Connect to the HP Digital Sender using the Web Access tool through one of the Web browsers:
    1. In Netscape, enter the IP Address of the HP Digital Sender followed by ":4242" and press ENTER. Example: "10.0.0.192:4242" (make sure there are no slashes between the IP address and the ":4242").
    2. In Internet Explorer, enter the IP address of the digital sender and press ENTER. Example: "10.0.0.192". Once the page loads, add ":4242" to the end of the IP address (make sure there are no slashes between the IP address and the ":4242").
  3. Click Settings, then Authenticate on the left menu (Figure 3).
  4. In the URL window, enter the address of the authenticating Web server's home page in http form. Example: "http://server name/filename"
  5. In the NT User Domain ID window, enter "ntuserdomainid"
    note:
    Microsoft Exchange server does not contain an NT User Domain ID field. Another field in the details section should be populated with the domain:username attribute; create an "Extension-Attribute -1" field, and enter the name of this field in the NT User Domain ID window.
  6. Enter the domain name in the Default Domain window. Both Proxy windows should be blank.
    note:
    If the HP Digital Sender is in one domain and it is necessary to go through a proxy server to authenticate, enter in the appropriate proxy information here.
  7. Click Apply at the bottom of the screen.
    Figure 3: Web Access: Authentication Settings
  8. Click the link for Configure E-mail "From:" Field Address
    or select Send To and then Email from the Menu on the upper left of the screen.
    Figure 4: Authentication From: field Options

Resolving the E-mail From: field Data Source has 3 options:

  1. LDAP - method is the same as firmware version 4.0.f (Red October). The “NtUserDomainID” field must reference an LDAP attribute containing “Domain:Username”
  2. Suffix - The “NtUserDomainID” field is ignored and LDAP is not used to populate the E-mail From: field. The user's From: field address is formed by concatenating the contents of the “Username” field in the Login dialog box with the contents of the “E-mail From: Field Data Source Suffix:” field, separated by an “@”. For example:
    username@E-mail_From:_field_data_source_suffix
    note:
    The digital sender adds an “@” symbol for you. If an additional “@” symbol is provided, the e-mail address will be invalid.
  3. Login - The “NtUserDomainID” field must reference an LDAP attribute containing only the network ID or username.
    Examples would be:
    “samaccountname” attribute in Win2k
    or
    “UID” attribute in NT4 / MS Exch 5.5
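
The three data-source options above differ in what they compare and whether LDAP is consulted at all. The following Python model is an added example, not the digital sender's firmware logic; it shows each option, the extra “@” failure in Suffix mode, and what happens when the option and the referenced attribute do not match. The directory entries, the "mail" attribute and the case-insensitive comparison are constructed assumptions.

```python
def resolve_from(mode, username, domain, id_attr="", suffix="", directory=()):
    """Return the From: address for a logged-in user, or None if unresolved."""
    mode = mode.lower()
    if mode == "suffix":
        # LDAP and the NtUserDomainID field are ignored; the "@" is added here.
        address = f"{username}@{suffix}"
        if not suffix or address.count("@") != 1:
            raise ValueError("suffix must be non-empty and contain no '@'")
        return address
    if mode == "ldap":
        wanted = f"{domain}:{username}"      # attribute holds Domain:Username
    elif mode == "login":
        wanted = username                    # attribute holds the username only
    else:
        raise ValueError(f"unknown data source: {mode}")
    for entry in directory:
        # Case-insensitive comparison is an assumption of this sketch.
        if entry.get(id_attr, "").lower() == wanted.lower():
            return entry.get("mail")
    return None

# Constructed directory entries standing in for LDAP search results.
DIRECTORY = [
    {"ntuserdomainid": "CORP:jsmith", "samaccountname": "jsmith",
     "mail": "john.smith@example.com"},
    {"ntuserdomainid": "CORP:mjones", "samaccountname": "mjones",
     "mail": "mary.jones@example.com"},
]

if __name__ == "__main__":
    print(resolve_from("Suffix", "jsmith", "CORP", suffix="example.com"))
    print(resolve_from("LDAP", "jsmith", "CORP", "ntuserdomainid",
                       directory=DIRECTORY))
    print(resolve_from("Login", "mjones", "CORP", "samaccountname",
                       directory=DIRECTORY))
    # Mismatch: LDAP option pointed at a username-only attribute finds nothing.
    print(resolve_from("LDAP", "jsmith", "CORP", "samaccountname",
                       directory=DIRECTORY))
```
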

Test authentication settings using the Web Access tool

  1. Enter the network account username in the User Name: field.
  2. Enter the network account password in the Password: field. Click Apply.

Test authentication to IIS Web server using the Web Access tool

  1. At the Authentication Settings window shown in Figure 3, select Test Login to Authentication Server.
  2. Type the fully qualified NT login account.
  3. Enter the NT account password.
  4. Select Apply.
  5. The Authentication Settings window will prompt with "Login Successful."
    note:
    If failure occurs, check the Domain Name and Account or the URL to the IIS Web Server.

Configuring the From: field on the HP Digital Sender

  1. To complete user authentication, the From: field on the HP Digital Sender must be back-filled from the user's SMTP address. This address can be obtained in one of two ways.
    1. A Digital Sender user profile created with Address Book Manager. The profile name must match the user's network username.
      1. Log into Address Book Manager (ABM) as the user Administrator; enter a password if the HP Digital Sender has been password protected.
      2. In the ABM main window, click Users.
      3. Click the File menu and New.
      4. Complete the information in the New User Profile dialog box and click Add. Verify that the profile name matches the user's network username.
      5. Repeat Step 4 for each user to add.
      6. Click Close when finished.
    2. Configuration using an LDAP server:
      note:
      The LDAP server must contain a field that is populated with the user's fully qualified username.
      • For NT networks: domain:username
      • For other networks: username
        note:
        Use an LDAP client to determine if a field exists in the LDAP database containing the fully qualified logon information.
  1. Connect to the HP Digital Sender 9100c Web page. Click Settings, Connections, and LDAP.
  2. In the LDAP Server Address window, enter the LDAP server address. This can be either the network name or IP address of the LDAP server (LDAP server address can also be the Microsoft Exchange Server network address).
  3. In the LDAP Search Root window, enter the search root. Example: o=hp.com
  4. In the Maximum Number of Hits window, enter "40"
  5. Click Apply at the bottom of the screen.
    note:
    When using a Microsoft Exchange server as the LDAP server, the Display Name field for the user's mailbox should be populated with the NT username. An HP Digital Sender LDAP query against an MS Exchange server searches only the Display Name field.

Testing authentication

  1. On the HP Digital Sender, click Guest in the login screen, then e-mail.
  2. On the From: line, type the last name that is desired. Then, click Search.
  3. In the list that appears, look for the desired e-mail address/name.
    • If the address/name shows up, skip to Step 7.
    • If the address/name is not listed, go to Step 4.
  4. Using HP Address Book Manager, create a new user with the name of username (the NT logon name of the user).
  5. Put the user's e-mail address in the e-mail field. Leave the other fields blank. Click OK.
  6. Press the red CANCEL button on the HP Digital Sender to return to the login screen.
  7. Ensure the Domain field is set to the domain that the user is a member of, and then type the username.
  8. Enter the Windows NT login password on the Password line and press OK.
  9. The authentication and login should be complete. Press e-mail and the desired name should be listed in the From: line. Any e-mail sent should be authenticated as coming from the appropriate name.

Testing authentication with a foreign domain user

Foreign Domain Users are:
  • Windows NT users with accounts in trusted domains other than the configured default domain
  • Users who must log on as domain\username

Testing

  1. Using HP Address Book Manager in the internal user profile, create a new user with the name of domain name\username.
  2. Put the e-mail address in the e-mail field. The other fields can be left blank. Click OK.
  3. Press the red CANCEL button on the HP Digital Sender to return to the login screen.
  4. Type domain name\username in the Name field. Type the domain name in the Domain field.
  5. Enter the Windows NT login password in the Password line and press OK.
  6. Authentication and login should be complete. Press e-mail and the appropriate name should be listed in the From: line. Any e-mail sent will be authenticated as coming from this name.