Device Authentication H.350 Schemas; Using Active Directory Database (Direct) - Cisco TelePresence Administrator's Manual

Video communication server

Using an H.350 directory with other authentication mechanisms
Local database authentication in combination with H.350 directory authentication
From version X7.2, you can configure the VCS to use both the local database and an H.350 directory.
- If an H.350 directory is configured, the VCS will always attempt to verify any Digest credentials presented to it by first checking against the local database before checking against the H.350 directory.
(Prior to version X7.2, the VCS could be configured to verify credentials against either the local database or an H.350 directory service.)
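The lookup order described above, as an added Python example that is not Cisco's code. It assumes RFC 2617 MD5 Digest without qop, models both stores as dictionaries with constructed names and passwords, and assumes that a missing or non-matching local entry falls through to the directory, which the manual does not spell out.

```python
import hashlib
import hmac

def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce):
    """RFC 2617 Digest response without qop: MD5(HA1:nonce:HA2)."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{ha2}")

# Constructed sample data; a real H.350 lookup is an LDAP query, modelled here as a dict.
LOCAL_DB = {"room-a": "local-secret"}
H350_DIRECTORY = {"room-a": "directory-secret", "room-b": "other-secret"}
# Order matters: local database first, then the H.350 directory.
STORES = [("local database", LOCAL_DB), ("H.350 directory", H350_DIRECTORY)]

def verify_digest(creds, realm, method):
    """Return the name of the first store that verifies the response, else None.

    Assumption: a missing or non-matching local entry falls through to the directory.
    """
    for store_name, store in STORES:
        password = store.get(creds["username"])
        if password is None:
            continue
        expected = digest_response(creds["username"], realm, password,
                                   method, creds["uri"], creds["nonce"])
        # Constant-time comparison of the two hex strings.
        if hmac.compare_digest(expected, creds["response"]):
            return store_name
    return None

def sample_creds(user, password, realm="vcs.example.com", method="REGISTER"):
    """Build the fields an endpoint would send (constructed nonce and URI)."""
    uri, nonce = "sip:vcs.example.com", "constructed-nonce-0001"
    return {"username": user, "uri": uri, "nonce": nonce,
            "response": digest_response(user, realm, password, method, uri, nonce)}

if __name__ == "__main__":
    for user, pw in [("room-a", "local-secret"), ("room-a", "directory-secret"),
                     ("room-b", "other-secret"), ("room-b", "wrong")]:
        result = verify_digest(sample_creds(user, pw), "vcs.example.com", "REGISTER")
        print(user, pw, "->", result)
```

Under the fall-through assumption, a device name held in both stores authenticates with either password, so local database entries are worth reviewing when an H.350 directory is added.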
H.350 directory service authentication in combination with Active Directory (direct) authentication
If Active Directory (direct) authentication has been configured and NTLM protocol challenges is set to Auto, then NTLM authentication challenges are offered to those devices that support NTLM.
- NTLM challenges are offered in addition to the standard Digest challenge.
- Endpoints that support NTLM will respond to the NTLM challenge in preference to the Digest challenge, and the VCS will attempt to authenticate that NTLM response.

Device authentication H.350 schemas

The Device authentication H.350 schemas page (VCS configuration > Authentication > Devices > H.350 directory schemas) provides a set of .ldif files to be downloaded from the VCS and installed on the LDAP server.
Click Download to display the required schema in your browser from where you can use the browser's Save As command to store it on your file system.
See LDAP server configuration for device authentication for more information.

Using Active Directory database (direct)

Active Directory database (direct) authentication uses NTLM protocol challenges and authenticates credentials via direct access to an Active Directory server using a Kerberos connection.
- Active Directory database (direct) authentication can be enabled at the same time as local database and H.350 directory service authentication:
  - This is because NTLM authentication is only supported by certain endpoints.
  - In such circumstances you could, for example, use the Active Directory (direct) server method for Movi / Jabber Video, and the local database or H.350 directory service authentication for the other devices that do not support NTLM.
- NTLM authentication is only supported (at the time of writing) by Movi / Jabber Video version 4.2 or later.
If Active Directory (direct) authentication has been configured and NTLM protocol challenges is set to Auto, then NTLM authentication challenges are offered to those devices that support NTLM.
- NTLM challenges are offered in addition to the standard Digest challenge.
- Endpoints that support NTLM will respond to the NTLM challenge in preference to the Digest challenge, and the VCS will attempt to authenticate that NTLM response.

Cisco VCS Administrator Guide (X7.2)
Device authentication
Page 116 of 498
