Application Notes
For
Windows Domain Authentication

Applicable Models:

e-STUDIO282/283 Series with firmware version 329 or later

e-STUDIO452/453 Series with firmware version 329 or later

e-STUDIO850/853 Series with firmware version 329 or later

e-STUDIO451c Series with firmware version 329 or later

e-STUDIO3510c Series with firmware version 314 or later

e-STUDIO4520c Series with firmware version 110 or later

e-STUDIO6530c Series with firmware version 110 or later

Version 1.1 (March 19, 2009) 
 WINDOWS DOMAIN AUTHENTICATION ON A TOSHIBA E-BRIDGE MFP

Worksheet for Windows Domain Authentication

The following information should be acquired before configuring the MFP for Windows Domain
Authentication.

Domain Server OS

Domain Server Version

Primary DNS Server Address

Secondary DNS Server Address (if applicable)

Domain Name 1

Domain Name 2 (if applicable)

Domain Name 3 (if applicable)

Primary DDNS Log-in Name

Primary DDNS Log-in Password

Secondary DDNS Log-in Name (if applicable)

Secondary DDNS Log-in Password (if

applicable)

Primary SNTP Server Address

Secondary SNTP Server Address (if applicable)

Print Enforcement Requirement

Page 1 
 
 WINDOWS DOMAIN AUTHENTICATION ON A TOSHIBA E-BRIDGE MFP

Introduction

Purpose
Windows Domain Authentication requires users to be authenticated to a Windows Domain
before they can access any functions from the control panel of the MFP. The control can be
extended to include printing. The authentication is accomplished with the entry of the user’s
Domain Log-in Name and Password at the MFP LCD. When Print Enforcement is enabled, the
user needs to log into the Domain at their client PC when printing to the MFP. Users from up to
3 Domains are supported.

Prerequisites
None

Configuration
The configuration settings include the following and should be performed in the order provided:
1. Set the Date, Time, and Daylight Savings
2. Confirm the correct DNS Server address has been configured
3. Configure DDNS
4. Configure SNTP
5. Save and Confirm the Network Settings
6. Configure Windows Domain Authentication
7. Perform Windows Domain Authentication

Page 2 
 
 WINDOWS DOMAIN AUTHENTICATION ON A TOSHIBA E-BRIDGE MFP

Configuration Procedure
1. Set Date, Time, and Daylight Savings

These settings are accomplished on the General Setup screen in the Administrator mode of
TopAccess (refer to Figure #1). Select [Save] and confirm the correct date and time are
displayed on the LCD of the machine. The Daylight Savings settings are required to assure the
correct time offset when SNTP is enabled (Step 4). Setting the date and time is best practice to
prevent conflicting properties in scanned documents and while performing Scan to e-Mail.

Figure #1

Page 3 
 
 WINDOWS DOMAIN AUTHENTICATION ON A TOSHIBA E-BRIDGE MFP

2. Confirm the correct DNS Server address has been configured.

This is found on the Administration tab in TopAccess. Click Setup – Network – DNS Session,
and check the entry for “Primary DNS Server Address” as seen in Figure #2. Confirm that this is
the IP Address of the DNS Server for the Active Directory Domain that the MFP will be
functioning in.

Figure #2

Page 4 
 
 WINDOWS DOMAIN AUTHENTICATION ON A TOSHIBA E-BRIDGE MFP

3. Configure DDNS

In the TopAccess Administration Mode select Setup – Network – DDNS Session. Typically the
Host Name and Domain Name are already registered (presence of Domain Name is dependent on
the TCP/IP mode that has been selected). Register the Primary Login Name and Password of a
Domain member with sufficient privileges to maintain the MFP’s A record and PTR record in
DNS of the Domain Server.

Figure #3

Page 5 
 
 WINDOWS DOMAIN AUTHENTICATION ON A TOSHIBA E-BRIDGE MFP

4. Configure SNTP

In the TopAccess Administration Mode select Setup – Network – SNTP Session. Register the
server location for maintaining the correct time for the network. This location is usually the
Domain Controller. By default, the Domain Controller requires a 5-minute tolerance with other
networked clients for successful operations such as authentication. The requirement is satisfied
with configuration of SNTP.
Figure #4

5. Save and Confirm the Network Settings

Select [Save] at the top of the TopAccess Network Setup page. After the MFP reboots confirm
the MFP’s A record and PTR records were added to DNS records of the server. Also review the
TopAccess Message Log of any errors.

To confirm DNS is programmed correctly, utilize the Ping capabilities of the MFP (User
Functions / Admin / Network / Network Check).

Note: For security reasons, the Ping capability can be disabled on the DNS Server by the IT
Manager to prevent Denial Of Service attacks. Therefore, if there is a Ping failure from the
MFP, confirm the security settings of the DNS Server with the IT Manager before
troubleshooting.

Do not proceed until any errors are resolved.

Page 6 
 
 WINDOWS DOMAIN AUTHENTICATION ON A TOSHIBA E-BRIDGE MFP

6. Configure Windows Domain Authentication

This is found in the User Management tab in TopAccess. Click Authentication – User
Management Setting, then select Windows Domain Authentication (Figure #5).

Figure #5

Set User Authentication Enforcement to control the operation when a print job is received from a
client that is not logged into the Domain (Figure # 6):
On – The print job will be routed to the Invalid Queue
Print – A client is not required to log into the Domain to print.
Delete – The print job is deleted if the client is not logged into the Domain

Figure #6

Page 7 
 
 WINDOWS DOMAIN AUTHENTICATION ON A TOSHIBA E-BRIDGE MFP

After clicking the Next button, enter the Active Directory domain in the field for Domain Name
1. This is the Active Directory domain in which the MFP will be functioning. See Figure #7.

Figure #7

Two additional Windows Active Directory domains can be entered to allow users of other
domains to authenticate and gain access to the MFP. The example in Figure #8 shows that not
only users in the same domain, “eidlab2003.loc”, as the MFP can authenticate, but also users of
the “tabs.toshiba.com” and “tais.toshiba.com” domains can also authenticate and use the MFP.

Domain Name 2 and Domain Name 3 are optional. Only Domain Name 1 is required to allow
authentication of users within the domain that the MFP is attached. Domain Name 2 and
Domain Name 3 are used if users assigned to other domains are to be allowed access to this
MFP.

Figure #8

Page 8 
 
 WINDOWS DOMAIN AUTHENTICATION ON A TOSHIBA E-BRIDGE MFP

Note: Immediately after selecting [Finish], the MFP will display the User Authentication fields
on the Control Panel (pressing Function Clear on the MFP Control Panel twice might be
required). The three fields are:

• User Name
• Password
• Domain

Rebooting the MFP is not necessary; these fields will display immediately following the change
in TopAccess.

The Control Panel of the MFP will display Domain Name 1 in the Domain field. The user
simply presses the “Domain” button on the LCD and selects the domain of which they are a
member.

7. Perform Windows Domain Authentication

Authenticate at the Control Panel of the MFP. If the authentication is unsuccessful, login
into TopAccess as Admin and check the Message Log.

Page 9 
 
 WINDOWS DOMAIN AUTHENTICATION ON A TOSHIBA E-BRIDGE MFP

History of Revisions

Version 1.0 to Version 1.1

Added a Worksheet.

Formatted first page as an Introduction to include Purpose, Prerequisites, and

Configuration.

Provided an explanation for setting Daylight Savings.

Clarified the requirements for the DDNS Primary Log-in.

Included instructions to Save the Network settings before proceeding to configuring

authentication. Also included items to inspect to assure the Network settings are correct.

Page 10