Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Configuring Authentication to Use the Local Database
The local authentication database is included as part of your VCS system and does not require any specific
connectivity configuration. It is used to store user account authentication credentials. Each set of credentials
consists of a name and password.
connectivity configuration. It is used to store user account authentication credentials. Each set of credentials
consists of a name and password.
The credentials in the local database can be used for device (SIP and H.323), traversal client and TURN client
authentication.
authentication.
Adding credentials to the local database
To enter a set of device credentials:
1.
Go to Configuration > Authentication > Devices > Local database and click New.
2.
Enter the Name and Password that represent the device’s credentials.
3.
Click Create credential.
Note that the same credentials can be used by more than one device.
Credentials managed within Cisco TMS (for device provisioning)
When the VCS is using TMS Provisioning Extension services, the credentials supplied by the Users service are stored
in the local authentication database, along with any manually configured entries. The Source column identifies
whether the user account name is provided by TMS, or is a Local entry. Only Local entries can be edited.
in the local authentication database, along with any manually configured entries. The Source column identifies
whether the user account name is provided by TMS, or is a Local entry. Only Local entries can be edited.
Incorporating Cisco TMS credentials within the local database means that VCS can authenticate all messages (i.e.
not just provisioning requests) against the same set of credentials used within Cisco TMS.
not just provisioning requests) against the same set of credentials used within Cisco TMS.
Local database authentication in combination with H.350 directory authentication
You can configure the VCS to use both the local database and an H.350 directory.
If an H.350 directory is configured, the VCS will always attempt to verify any Digest credentials presented to it by first
checking against the local database before checking against the H.350 directory.
checking against the local database before checking against the H.350 directory.
Local database authentication in combination with Active Directory (direct) authentication
If Active Directory (direct) authentication has been configured and NTLM protocol challenges is set to Auto, then
NTLM authentication challenges are offered to those devices that support NTLM.
NTLM authentication challenges are offered to those devices that support NTLM.
■
NTLM challenges are offered in addition to the standard Digest challenge.
■
Endpoints that support NTLM will respond to the NTLM challenge in preference to the Digest challenge, and
the VCS will attempt to authenticate that NTLM response.
the VCS will attempt to authenticate that NTLM response.
Starter Pack
If the Starter Pack option key is installed, the local authentication database will include a pre-configured set of
authentication credentials. To ensure correct operation of the TURN server in conjunction with the Starter Pack, do
not delete or modify the StarterPackTURNUser entry in the local authentication database.
authentication credentials. To ensure correct operation of the TURN server in conjunction with the Starter Pack, do
not delete or modify the StarterPackTURNUser entry in the local authentication database.
All other credentials that are required to support Starter Pack provisioned devices have to be added manually for each
user account.
user account.
138
Cisco TelePresence Video Communication Server Administrator Guide
Device Authentication