Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
1.
Go to Configuration > Authentication > Devices > Active Directory Service.
2.
Ensure that NTLM protocol challenges is set to Auto.
Never use On, as this will send NTLM challenges to devices that may not support NTLM (and therefore they
may crash or otherwise misbehave).
may crash or otherwise misbehave).
3.
Click Save if required.
4.
If the VCS is part of a cluster, check that any configuration changes entered on the master peer have been
replicated to each other peer.
replicated to each other peer.
Configuring Jabber Video and Testing Active Directory Database (Direct) Authentication
We recommend that you use a Jabber Video configuration that already authenticates successfully using either
provisioning or VCS authentication. This means that Jabber Video's Advanced settings (Internal Server, External
Server and SIP Domain entries) are correctly configured.
provisioning or VCS authentication. This means that Jabber Video's Advanced settings (Internal Server, External
Server and SIP Domain entries) are correctly configured.
1.
Sign in to Jabber Video:
2.
In the Username field, configure <AD Short Domain Name>\username
(this field is not case sensitive).
3.
In the Password field, enter the password as configured in the Active Directory database for the chosen user.
4.
Click Sign in.
A successful registration confirms that authentication of provisioning and registration of Jabber Video to VCS now
works using Active Directory database (direct) authentication.
works using Active Directory database (direct) authentication.
Ports
for a list of ports used when communicating with the AD system.
SPNEGO
SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism) is a mechanism used by client applications when
they seek to authenticate with a remote server. It allows the client and server to identify which authentication
protocols they both support and decide which protocol to use.
they seek to authenticate with a remote server. It allows the client and server to identify which authentication
protocols they both support and decide which protocol to use.
By default the VCS uses SPNEGO when communicating with an AD Domain Controller. It can only be enabled or
disabled through the CLI by using the command
disabled through the CLI by using the command
xConfiguration Authentication ADS SPNEGO
.
Authenticating with External Systems
The Outbound connection credentials page (Configuration > Authentication > Outbound connection credentials) is
used to configure a username and password that the VCS will use whenever it is required to authenticate with
external systems.
used to configure a username and password that the VCS will use whenever it is required to authenticate with
external systems.
For example, when the VCS is forwarding an invite from an endpoint to another VCS, that other system may have
authentication enabled and will therefore require your local VCS to provide it with a username and password.
authentication enabled and will therefore require your local VCS to provide it with a username and password.
Note that these settings are not used by traversal client zones. Traversal clients, which must always authenticate
with traversal servers before they can connect, configure their connection credentials per traversal client zone.
with traversal servers before they can connect, configure their connection credentials per traversal client zone.
145
Cisco TelePresence Video Communication Server Administrator Guide