Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Device authentication
Cisco VCS Administrator Guide (X7.2)
Page 116 of 498
Using an H.350 directory with other authentication mechanisms
Local database authentication in combination with H.350 directory authentication
From version X7.2, you can configure the VCS to use both the local database and an H.350 directory.
n
If an H.350 directory is configured, the VCS will always attempt to verify any Digest credentials presented
to it by first checking against the local database before checking against the H.350 directory.
to it by first checking against the local database before checking against the H.350 directory.
(Prior to version X7.2, the VCS could be configured to verify credentials against either the local database or
an H.350 directory service.)
an H.350 directory service.)
H.350 directory service authentication in combination with Active Directory (direct) authentication
If Active Directory (direct) authentication has been configured and NTLM protocol challenges is set to
Auto, then NTLM authentication challenges are offered to those devices that support NTLM.
Auto, then NTLM authentication challenges are offered to those devices that support NTLM.
n
NTLM challenges are offered in addition to the standard Digest challenge.
n
Endpoints that support NTLM will respond to the NTLM challenge in preference to the Digest challenge,
and the VCS will attempt to authenticate that NTLM response.
and the VCS will attempt to authenticate that NTLM response.
Device authentication H.350 schemas
The
Device authentication H.350 schemas
page (
VCS configuration > Authentication > Devices >
H.350 directory schemas
) provides a set of .ldif files to be downloaded from the VCS and installed on the
LDAP server.
Click Download to display the required schema in your browser from where you can use the browser's
Save
As
command to store it on your file system.
See
for more information.
Using Active Directory database (direct)
Active Directory database (direct) authentication uses NTLM protocol challenges and authenticates
credentials via direct access to an Active Directory server using a Kerberos connection.
credentials via direct access to an Active Directory server using a Kerberos connection.
n
Active Directory database (direct) authentication can be enabled at the same time as local database and
H.350 directory service authentication:
H.350 directory service authentication:
l
This is because NTLM authentication is only supported by certain endpoints.
l
In such circumstances you could, for example, use the Active Directory (direct) server method for Movi /
Jabber Video, and the local database or H.350 directory service authentication for the other devices that
do not support NTLM.
Jabber Video, and the local database or H.350 directory service authentication for the other devices that
do not support NTLM.
n
NTLM authentication is only supported (at the time of writing) by Movi / Jabber Video version 4.2 or later
If Active Directory (direct) authentication has been configured and NTLM protocol challenges is set to
Auto, then NTLM authentication challenges are offered to those devices that support NTLM.
Auto, then NTLM authentication challenges are offered to those devices that support NTLM.
n
NTLM challenges are offered in addition to the standard Digest challenge.
n
Endpoints that support NTLM will respond to the NTLM challenge in preference to the Digest challenge,
and the VCS will attempt to authenticate that NTLM response.
and the VCS will attempt to authenticate that NTLM response.