Authentication Using Active Directory Service; Movi Authentication Using An Active Directory Service - Cisco TelePresence Administrator's Manual

Video communication server

Authentication using Active Directory Service

Movi authentication using an Active Directory Service

Movi device authentication can be performed using a connection between the VCS and an Active Directory
Service (ADS). This allows Movi endpoint users to use their Windows Active Directory (AD) credentials to
authenticate via the NTLM protocol with the VCS.
This means that Movi users do not need a separate set of authentication credentials (username and
password) for their Movi endpoint - instead they can use the same credentials for both Windows and Movi.
When the VCS is enabled to authenticate via an Active Directory Service, Movi 4.2 and later will
automatically use ADS. Other devices will continue to be authenticated according to the chosen
authentication database method.
ADS authentication process
To enable authentication against Active Directory, the VCS must first be configured with the details of the
Active Directory Service and it must then join the AD domain. After the VCS has established a connection to
the Active Directory Service, Movi credentials can be authenticated.
Before the VCS can connect to the Active Directory Service, ensure that the VCS is configured with the
following prerequisite information:
- DNS server and Local host name details; ensure the Local host name is 15 characters or less
- NTP server details
- an appropriate CA certificate from the AD server if the connection is going to use TLS encryption
The VCS process to authenticate users' AD credentials is as follows:
1. Configure the VCS with the details of the Active Directory Service (VCS configuration > Authentication
   > Devices > Active Directory Service), including:
   - AD domain and short domain name connection details
   - the username and password credentials of the domain administrator; these are required in order to join
     the AD domain
   Even though it is possible to explicitly configure the addresses of the AD Domain Controllers and
   Kerberos Key Distribution Centers, you are recommended to let the VCS obtain them via DNS SRV
   lookups.
2. When the VCS is correctly configured, it will join the AD domain:
   - the VCS requests a Kerberos ticket from the KDC and then uses this ticket when it communicates with
     the Domain Controller
   - after the VCS has joined the domain it periodically obtains fresh tickets from the KDC and renews its
     relationship with the Domain Controller
3. Configure the VCS to challenge Movi (4.2 or later) with NTLM authentication challenges:
   - Go to VCS configuration > Authentication > Devices > Configuration and ensure that NTLM
     protocol challenges is set to Auto.
   The VCS can now start to authenticate Movi credentials.
4. A Movi endpoint then attempts to register with the VCS.

Cisco VCS Administrator Guide (X7.1)
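
The prerequisites and the DNS SRV recommendation above can be checked before attempting the domain join. The following is an added example, not part of the Cisco guide: the function names, the sample host and domain values, the 300-second clock-skew limit (the usual Kerberos default) and the use of the standard AD SRV names `_ldap._tcp.dc._msdcs.<domain>` and `_kerberos._tcp.<domain>` are assumptions.

```python
# Added example: preflight check for the AD-join prerequisites listed in the guide.
# Sample host names, domains and DNS answers are constructed for illustration.
MAX_HOST_LEN = 15   # limit the guide states for the Local host name
MAX_SKEW_S = 300    # assumption: default Kerberos clock-skew tolerance (5 minutes)

def srv_names(ad_domain):
    """Standard AD SRV owner names for Domain Controllers and Kerberos KDCs."""
    d = ad_domain.strip(".").lower()
    return {"dc": f"_ldap._tcp.dc._msdcs.{d}", "kdc": f"_kerberos._tcp.{d}"}

def preflight(host_name, ad_domain, srv_lookup, skew_s, use_tls, ca_cert_loaded):
    """Return a list of problems; an empty list means the prerequisites look met.

    srv_lookup is a callable(name) -> list of (target, port). Inject a real
    resolver in production; a dict-backed stub is used here so the example
    runs offline.
    """
    problems = []
    if not host_name:
        problems.append("Local host name is not set")
    elif len(host_name) > MAX_HOST_LEN:
        problems.append(f"host name is {len(host_name)} chars; limit is {MAX_HOST_LEN}")
    for role, name in srv_names(ad_domain).items():
        if not srv_lookup(name):
            problems.append(f"no SRV answer for {name} ({role} discovery will fail)")
    if abs(skew_s) > MAX_SKEW_S:
        problems.append(f"clock skew {skew_s}s exceeds {MAX_SKEW_S}s; check NTP")
    if use_tls and not ca_cert_loaded:
        problems.append("TLS selected but no CA certificate for the AD server is loaded")
    return problems

# Constructed DNS data standing in for a real resolver.
SAMPLE_DNS = {
    "_ldap._tcp.dc._msdcs.corp.example.com": [("dc1.corp.example.com", 389)],
    "_kerberos._tcp.corp.example.com": [("dc1.corp.example.com", 88)],
}

def lookup(name):
    return SAMPLE_DNS.get(name, [])

if __name__ == "__main__":
    print(preflight("vcs-hq-01", "corp.example.com", lookup, 2, True, True))
    print(preflight("vcs-headquarters-01", "lab.example.com", lookup, 900, True, False))
```

An empty result means the host name, SRV discovery, clock and CA certificate checks all passed; each string in a non-empty result names one prerequisite to fix before joining the domain.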
