Configuring The Connection To Active Directory Service (Ads) - Cisco TelePresence Administrator's Manual
Video communication server
Hide thumbs
Also See for TelePresence:
- Administrator's manual (498 pages) ,
- Manual (24 pages) ,
- Specifications (7 pages)
Table of Contents
Advertisement
Device authentication
The Default Zone
(Configuration > Zones >
l
an Authentication policy of Check credentials. This ensures that provisioning requests (and any call
requests from non-registered devices) are challenged.
The Default Subzone
l
must be configured with an Authentication policy of Check credentials. This ensures that registration,
presence, phone book and call requests from registered devices are challenged.
Setting up your authentication policy to check credentials will affect any device that sends
provisioning, registration, presence, phone book and call requests to the VCS.
Endpoint
The PC on which Jabber Video runs must use settings which match the settings of the AD server.
Configuring the connection to Active Directory Service (ADS)
The
Active Directory Service
Service) is used to configure a connection to an
Video endpoints (version 4.2 or later).
Configuring the Active Directory Service settings
To configure Active Directory (direct) and join the AD domain:
1. Go to
Configuration > Authentication > Devices > Active Directory
2. Configure the fields as follows:
Field
Description
Connect to
Enables or disables the connection between
Active
the VCS and the Active Directory Service.
Directory
When the connection is enabled, the VCS
Service
includes NTLM protocol challenges when
authenticating endpoints, according to the
NTLM protocol challenges setting.
NTLM
Controls whether or not the VCS sends NTLM
protocol
protocol challenges (in addition to Digest
challenges
challenges) when authenticating devices over
SIP.
Auto: the VCS decides, based on the device
type, whether to send NTLM challenges.
Off: NTLM challenges are never sent.
On: NTLM challenges are always sent.
The default is Auto.
Cisco VCS Administrator Guide (X8.1.1)
Zones, then select Default Zone) must be configured with
(Configuration > Local Zone > Default
page
(Configuration > Authentication > Devices > Active Directory
Active Directory Service
About device authentication
Subzone) – or the relevant subzones -
for device authentication of Jabber
Service.
Usage tips
Turning Connect to Active Directory
Service to Off does not cause the VCS to
leave the AD domain.
Normally, this should be set to Auto.
If you are migrating from an existing
authentication mechanism to ADS then select
Off while the connection to the AD server is
being configured; select Auto later, when you
have an active connection and are ready to
switch over to this authentication mechanism.
Never use On, as this will send NTLM
challenges to devices that may not support
NTLM (and therefore they may crash or
otherwise misbehave).
The VCS must be connected to an Active
Directory Service to send NTLM challenges.
Page 124 of 507
Advertisement
Table of Contents
