Configuring Vcs Authentication Methods - Cisco TelePresence Administrator's Manual

Video communication server

Configuring VCS authentication methods

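The VCS supports 3 different methods of verifying authentication credentials:
- against an on-box local database (which includes any TMS-supplied credentials)
- via an LDAP connection to an external H.350 directory service
- via direct access to an Active Directory server using a Kerberos connection (NTLM challenges only)
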
As from version X7.2, the VCS attempts to verify the credentials presented to it by first checking against its
on-box local database of usernames and passwords. The local database also includes checking against
credentials supplied by TMS if your system is using device provisioning. If the username is not found in the
local database, the VCS may then attempt to verify the credentials via a real-time LDAP connection to an
external H.350 directory service. The directory service, if configured, must have an H.350 directory schema
for either a Microsoft Active Directory LDAP server or an OpenLDAP server.

(Prior to version X7.2, the VCS could be configured to verify credentials against either the local database or
an H.350 directory service.)

Along with one of the above methods, for those devices that support NTLM challenges, the VCS can
alternatively verify credentials via direct access to an Active Directory server using a Kerberos connection.
The direct Active Directory authentication via Kerberos method is only supported by a limited range of
endpoints – at the time of writing, Movi / Jabber Video 4.2 or later only. If used, other non-supported endpoint
devices will continue to authenticate using one of the other two authentication methods.

Note that the VCS always challenges an endpoint with a standard Digest challenge. The VCS will
additionally send an NTLM challenge if the VCS has NTLM protocol challenges enabled and it recognizes
that the endpoint supports NTLM.

If the endpoint receives both challenges, it is the endpoint's decision as to whether to respond to the Digest
challenge or to the NTLM challenge. At the time of writing, all supported endpoints respond to an NTLM
challenge in preference to a Digest challenge.

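The lookup order described above for Digest responses, as an added Python sketch (not Cisco's code and not part of the manual). It follows the manual's wording that the H.350 directory is tried only when the username is not found locally, so a local entry shadows a directory entry with the same username. The credential stores, realm, nonce and function names are constructed for illustration, and the Digest calculation is the RFC 2617 form without qop.

```python
import hashlib
import hmac


def _md5(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, realm, password, method, uri, nonce):
    """RFC 2617 Digest response without qop: MD5(HA1:nonce:HA2)."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{ha2}")


# Constructed sample stores (assumptions, not real data).
LOCAL_DB = {"alice": "local-secret"}  # on-box database, incl. TMS-supplied
H350_DIRECTORY = {"alice": "stale-secret", "bob": "dir-secret"}  # stand-in for the LDAP lookup


def verify_digest(creds, realm="example.invalid", h350_enabled=True):
    """Return (accepted, source).

    The directory is consulted only when the username is absent from the
    local database; a wrong password for a local user is a plain failure.
    """
    user = creds["username"]
    if user in LOCAL_DB:
        source, password = "local", LOCAL_DB[user]
    elif h350_enabled and user in H350_DIRECTORY:
        source, password = "h350", H350_DIRECTORY[user]
    else:
        return False, None
    expected = digest_response(user, realm, password,
                               creds["method"], creds["uri"], creds["nonce"])
    # Constant-time comparison of the two hex digests.
    return hmac.compare_digest(expected, creds["response"]), source


def make_creds(user, password, realm="example.invalid"):
    """Build the reply an endpoint would send to a constructed challenge."""
    method, uri, nonce = "REGISTER", "sip:example.invalid", "constructed-nonce-1"
    return {"username": user, "method": method, "uri": uri, "nonce": nonce,
            "response": digest_response(user, realm, password, method, uri, nonce)}
```

When auditing a deployment, the second case in the sketch is the one to check for: an account that exists in both stores is always judged against the local password, whatever the directory holds.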
The following diagram shows the process followed by the VCS when authenticating credentials:
Cisco VCS Administrator Guide (X7.2)
