Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Device authentication
Cisco VCS Administrator Guide (X7.2)
Page 118 of 498
The PC on which Movi / Jabber Video runs must use appropriate settings which match the settings of the AD
server.
server.
More information about how to configure your system to use NTLM and Active Directory Service is contained
in
in
Active Directory Service (ADS) configuration
The
Active Directory Service
page (
VCS configuration > Authentication > Devices > Active Directory
Service
) is used to configure a connection to an
for device authentication of Movi /
Jabber Video endpoints (version 4.2 or later).
The configurable options are:
Field
Description
Usage tips
Connect to
Active
Directory
Service
Active
Directory
Service
Enables or disables the connection
between the VCS and the Active Directory
Service.
between the VCS and the Active Directory
Service.
When the connection is enabled, the VCS will
include NTLM protocol challenges when
authenticating endpoints, according to the NTLM
protocol challenges setting.
include NTLM protocol challenges when
authenticating endpoints, according to the NTLM
protocol challenges setting.
Turning Connect to Active Directory Service to Off
does not cause the VCS to leave the AD domain.
does not cause the VCS to leave the AD domain.
NTLM
protocol
challenges
protocol
challenges
Controls whether or not the VCS sends
NTLM protocol challenges (in addition to
Digest challenges) when authenticating
devices over SIP.
NTLM protocol challenges (in addition to
Digest challenges) when authenticating
devices over SIP.
Auto: the VCS decides, based on the
device type, whether to send NTLM
challenges.
device type, whether to send NTLM
challenges.
Off: NTLM challenges are never sent.
On: NTLM challenges are always sent.
The default is Auto
Under normal operation this should be set to Auto
where the VCS decides, based on the device type,
whether to send NTLM challenges.
where the VCS decides, based on the device type,
whether to send NTLM challenges.
If you are migrating from an existing authentication
mechanism to Active Directory (direct) then select Off
while the connection to the AD server is being
configured; select Auto later, when you have an
active connection and are ready to switch over to this
authentication mechanism.
mechanism to Active Directory (direct) then select Off
while the connection to the AD server is being
configured; select Auto later, when you have an
active connection and are ready to switch over to this
authentication mechanism.
Never use On, as this will send NTLM challenges to
devices that may not support NTLM (and therefore
they may crash or otherwise misbehave).
devices that may not support NTLM (and therefore
they may crash or otherwise misbehave).
Note that the VCS must be connected to an Active
Directory Service in order to send NTLM challenges.
Directory Service in order to send NTLM challenges.
AD domain
This must be the fully qualified domain
name (FQDN) of the AD domain that the
VCS will join.
name (FQDN) of the AD domain that the
VCS will join.
Typically the domain would be the same as the DNS
name of the Kerberos server.
name of the Kerberos server.
Case sensitivity issues with Active Directory have
been reported and therefore upper case entry is
enforced.
been reported and therefore upper case entry is
enforced.
Short
domain
name
domain
name
The short domain name used by the VCS
when it joins the AD domain.
when it joins the AD domain.
It is also known as the NetBIOS domain name.