Cisco Cisco TelePresence Video Communication Server Expressway
1.
Go to Configuration > Authentication > Devices > Active Directory Service.
2.
Enter up to 4 further Domain Controller server addresses (up to 5 in total).
3.
Enter up to 4 further Kerberos Key Distribution Center server addresses and port numbers (up to 5 in total).
4.
Click Save.
5.
If the VCS is part of a cluster, check that the configuration entered on the master peer has been replicated to
each other peer.
each other peer.
Clustered VCS Systems
In a clustered system, each VCS must join the AD domain separately. To do this:
On the master peer:
1.
Follow the instructions as above to configure Active Directory (direct) and join the AD domain.
2.
Ensure that the master peer has successfully joined the AD domain before continuing.
On each other peer in turn:
1.
Go to Configuration > Authentication > Devices > Active Directory Service.
2.
Check that the configuration entered on the master peer has been replicated to the current peer.
3.
Enter the AD domain administrator Username and Password.
(These credentials are not stored by the VCS and so have to be entered each time.)
(These credentials are not stored by the VCS and so have to be entered each time.)
4.
Click Save.
The VCS should join the AD domain. If you receive an error message, check the following:
—
the configuration settings on this page, including the username and password
—
the VCS’s CA certificate, private key and server certificate (CA certificate information is not replicated
across cluster peers)
across cluster peers)
Enabling NTLM Authentication Challenges
When Active Directory details have been configured and the VCS has been joined into the AD domain, VCS can now
be configured to challenge Jabber Video (4.2 or later) with NTLM authentication challenges.
be configured to challenge Jabber Video (4.2 or later) with NTLM authentication challenges.
1.
Go to Configuration > Authentication > Devices > Active Directory Service.
2.
Ensure that NTLM protocol challenges is set to Auto.
Never use On, as this will send NTLM challenges to devices that may not support NTLM (and therefore they
may crash or otherwise misbehave).
may crash or otherwise misbehave).
3.
Click Save if required.
4.
If the VCS is part of a cluster, check that any configuration changes entered on the master peer have been
replicated to each other peer.
replicated to each other peer.
Configuring Jabber Video and Testing Active Directory Database (Direct) Authentication
We recommend that you use a Jabber Video configuration that already authenticates successfully using either
provisioning or VCS authentication. This means that Jabber Video's Advanced settings (Internal Server, External
Server and SIP Domain entries) are correctly configured.
provisioning or VCS authentication. This means that Jabber Video's Advanced settings (Internal Server, External
Server and SIP Domain entries) are correctly configured.
1.
Sign in to Jabber Video:
2.
In the Username field, configure <AD Short Domain Name>\username
(this field is not case sensitive).
29
Cisco VCS Authenticating Devices Deployment Guide