Cisco Cisco TelePresence Video Communication Server Expressway
1. Go to
Configuration > Authentication > Devices > Active Directory Service
.
2. Enter up to 4 further Domain Controller server addresses (up to 5 in total).
3. Enter up to 4 further Kerberos Key Distribution Center server addresses and port numbers (up to 5 in total).
4. Click Save.
5. If the VCS is part of a cluster, check that the configuration entered on the master peer has been replicated
to each other peer.
Clustered VCS systems
In a clustered system, each VCS must join the AD domain separately. To do this:
On the master peer:
1. Follow the instructions as above to configure Active Directory (direct) and join the AD domain.
2. Ensure that the master peer has successfully joined the AD domain before continuing.
On each other peer in turn:
1. Go to
Configuration > Authentication > Devices > Active Directory Service
.
2. Check that the configuration entered on the master peer has been replicated to the current peer.
3. Enter the AD domain administrator Username and Password.
(These credentials are not stored by the VCS and so have to be entered each time.)
4. Click Save.
The VCS should join the AD domain. If you receive an error message, check the following:
l
the configuration settings on this page, including the username and password
l
the VCS’s CA certificate, private key and server certificate (CA certificate information is not replicated
across cluster peers)
across cluster peers)
Enabling NTLM authentication challenges
When Active Directory details have been configured and the VCS has been joined into the AD domain, VCS
can now be configured to challenge Jabber Video (4.2 or later) with NTLM authentication challenges.
can now be configured to challenge Jabber Video (4.2 or later) with NTLM authentication challenges.
1. Go to
Configuration > Authentication > Devices > Active Directory Service
.
2. Ensure that NTLM protocol challenges is set to Auto.
Never use On, as this will send NTLM challenges to devices that may not support NTLM (and therefore
they may crash or otherwise misbehave).
they may crash or otherwise misbehave).
3. Click Save if required.
4. If the VCS is part of a cluster, check that any configuration changes entered on the master peer have been
replicated to each other peer.
Configuring Jabber Video and testing Active Directory database (direct)
authentication
authentication
We recommend that you use a Jabber Video configuration that already authenticates successfully using
either provisioning or VCS authentication. This means that Jabber Video's Advanced settings (Internal
Server, External Server and SIP Domain entries) are correctly configured.
either provisioning or VCS authentication. This means that Jabber Video's Advanced settings (Internal
Server, External Server and SIP Domain entries) are correctly configured.
1. Sign in to Jabber Video:
2. In the Username field, configure <AD Short Domain Name>\username
Cisco TelePresence Device Authentication on Cisco VCS Deployment Guide (X8.5)
Page 30 of 55
Authentication methods