Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Setting up your authentication policy to check credentials will affect any device that sends provisioning,
registration, presence, phone book and call requests to the VCS.
registration, presence, phone book and call requests to the VCS.
Endpoint
The PC on which Jabber Video runs must use settings which match the settings of the AD server.
Configuring the Connection to Active Directory Service (ADS)
The Active Directory Service page (Configuration > Authentication > Devices > Active Directory Service) is used to
configure a connection to an
configure a connection to an
for device authentication of Jabber Video endpoints (version
4.2 or later).
Configuring the Active Directory Service Settings
To configure Active Directory (direct) and join the AD domain:
1.
Go to Configuration > Authentication > Devices > Active Directory Service.
2.
Configure the fields as follows:
Field
Description
Usage tips
Connect to
Active
Directory
Service
Active
Directory
Service
Enables or disables the connection between
the VCS and the Active Directory Service.
the VCS and the Active Directory Service.
When the connection is enabled, the VCS
includes NTLM protocol challenges when
authenticating endpoints, according to the
NTLM protocol challenges setting.
includes NTLM protocol challenges when
authenticating endpoints, according to the
NTLM protocol challenges setting.
Turning Connect to Active Directory Service
to Off does not cause the VCS to leave the
AD domain.
to Off does not cause the VCS to leave the
AD domain.
NTLM
protocol
challenges
protocol
challenges
Controls whether or not the VCS sends NTLM
protocol challenges (in addition to Digest
challenges) when authenticating devices
over SIP.
protocol challenges (in addition to Digest
challenges) when authenticating devices
over SIP.
Auto: the VCS decides, based on the device
type, whether to send NTLM challenges.
type, whether to send NTLM challenges.
Off: NTLM challenges are never sent.
On: NTLM challenges are always sent.
The default is Auto.
Normally, this should be set to Auto.
If you are migrating from an existing
authentication mechanism to ADS then select
Off while the connection to the AD server is
being configured; select Auto later, when you
have an active connection and are ready to
switch over to this authentication
mechanism.
authentication mechanism to ADS then select
Off while the connection to the AD server is
being configured; select Auto later, when you
have an active connection and are ready to
switch over to this authentication
mechanism.
Never use On, as this will send NTLM
challenges to devices that may not support
NTLM (and therefore they may crash or
otherwise misbehave).
challenges to devices that may not support
NTLM (and therefore they may crash or
otherwise misbehave).
The VCS must be connected to an Active
Directory Service to send NTLM challenges.
Directory Service to send NTLM challenges.
AD domain
This must be the fully qualified domain name
(FQDN) of the AD domain that the VCS will
join. It must be entered in upper case, such
as, EXAMPLE.COM.
(FQDN) of the AD domain that the VCS will
join. It must be entered in upper case, such
as, EXAMPLE.COM.
Typically the domain is the same as the DNS
name of the Kerberos server.
name of the Kerberos server.
Upper case entry is enforced due to case
sensitivity issues with Active Directory.
sensitivity issues with Active Directory.
Short
domain
name
domain
name
The short domain name used by the VCS
when it joins the AD domain.
when it joins the AD domain.
It is also known as the NetBIOS domain
name.
name.
130
Cisco TelePresence Video Communication Server Administrator Guide