Configuring Authentication To Use The Local Database - Cisco TelePresence Administrator's Manual

Device authentication

Configuring authentication to use the local database

The local authentication database is included as part of your VCS system and does not require any specific
connectivity configuration. It is used to store user account authentication credentials. Each set of credentials
consists of a name and password.
The credentials in the local database can be used for device (SIP and H.323), traversal client and TURN
client authentication.
Adding credentials to the local database
To enter a set of device credentials:
1. Go to Configuration > Authentication > Devices > Local database
2. Enter the Name and Password that represent the device's credentials.
3. Click Create credential.
Note that the same credentials can be used by more than one device.
Credentials managed within Cisco TMS (for device provisioning)
When the VCS is using TMS Provisioning Extension services, the credentials supplied by the Users service
are stored in the local authentication database, along with any manually configured entries. The Source
column identifies whether the user account name is provided by TMS, or is a Local entry. Only Local entries
can be edited.
Incorporating Cisco TMS credentials within the local database means that VCS can authenticate all
messages (i.e. not just provisioning requests) against the same set of credentials used within Cisco TMS.
Local database authentication in combination with H.350 directory authentication
You can configure the VCS to use both the local database and an H.350 directory.
If an H.350 directory is configured, the VCS will always attempt to verify any Digest credentials presented to
it by first checking against the local database before checking against the H.350 directory.
Local database authentication in combination with Active Directory (direct) authentication
If Active Directory (direct) authentication has been configured and NTLM protocol challenges is set to Auto,
then NTLM authentication challenges are offered to those devices that support NTLM.
NTLM challenges are offered in addition to the standard Digest challenge.
n
Endpoints that support NTLM will respond to the NTLM challenge in preference to the Digest challenge,
n
and the VCS will attempt to authenticate that NTLM response.
Starter Pack
If the Starter Pack option key is installed, the local authentication database will include a pre-configured set
of authentication credentials. To ensure correct operation of the TURN server in conjunction with the Starter
Pack, do not delete or modify the StarterPackTURNUser entry in the local authentication database.
All other credentials that are required to support Starter Pack provisioned devices have to be added manually
for each user account.
Cisco VCS Administrator Guide (X8.1.1)
About device authentication
and click New.
Page 119 of 507