Cisco Cisco TelePresence Video Communication Server Expressway
VCS Control and VCS Expressway, each with Active
Directory (direct) authentication
Directory (direct) authentication
Both the VCS Expressway and the VCS Control can be configured to perform direct authentication against
the AD server.
the AD server.
Setting
VCS Expressway
VCS Control
Provisioning
X
AD configuration
Default Zone
Check credentials
Check credentials
Default Subzone
Check credentials
Check credentials
Traversal Zone
Check credentials
Check credentials
SIP domain
Domain for SIP
account
account
Domain for SIP
account
account
SIP registration proxy
mode
mode
Off
Off
Setting
Cisco TMS
SIP
Server
Server
VCS Control IP
address or FQDN
address or FQDN
Public SIP
Server
Server
VCS Expressway IP
address or FQDN
address or FQDN
This example shows a subscribe for provisioning that is challenged using an AD (direct) authentication
challenge by the VCS Expressway. It is then forwarded on to the VCS Control which in turn passes it to the
provisioning server:
challenge by the VCS Expressway. It is then forwarded on to the VCS Control which in turn passes it to the
provisioning server:
SIP UA VCS Expressway VCS Control Prov. server AD
Subscribe
CSeq: <xx> SUBSCRIBE
407 Proxy Authentication
Required
with SIP header:
‘Proxy-Authenticate:
NTLM realm="<VCSHostID>",
qop="auth",
targetname="<VCSHostID>"’
Cisco TelePresence Device Authentication on Cisco VCS Deployment Guide (X8.2)
Page 48 of 55
Appendix 3: Active Directory (direct)