Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Device authentication
Cisco VCS Administrator Guide (X7.1)
Page 103 of 479
Device authentication configuration
The
Device authentication configuration
page (
VCS configuration > Authentication > Devices >
Configuration
) is used to control the types of mechanisms used by the VCS to verify the authentication
credentials used by systems and devices that attempt to communicate with the VCS.
Authentication database
To verify the identity of a device, the VCS needs access to a database on which all authentication credential
information (usernames, passwords, and other relevant information) is stored. This database may be located
either locally on the VCS, or on an LDAP Directory Server. The VCS looks up the endpoint’s username in the
database and retrieves the authentication credentials for that entry. If the credentials match those supplied
by the endpoint, the registration is allowed to proceed.
information (usernames, passwords, and other relevant information) is stored. This database may be located
either locally on the VCS, or on an LDAP Directory Server. The VCS looks up the endpoint’s username in the
database and retrieves the authentication credentials for that entry. If the credentials match those supplied
by the endpoint, the registration is allowed to proceed.
The Database type setting determines which database the VCS uses during authentication:
n
Local database: the local authentication database is used. You must configure the
to use this option. This is the default option.
n
LDAP database: a remote LDAP database is used. You must configure the
to use this option.
Note that:
n
If the VCS is acting as a traversal server, you must ensure that each traversal client’s authentication
credentials are entered into the selected database.
credentials are entered into the selected database.
n
The VCS supports the
for authenticating the identity of H.323 network devices
with which it communicates.
The NTLM protocol challenges setting controls whether or not the VCS sends NTLM protocol challenges
to the Active Directory Service when authenticating devices over SIP:
to the Active Directory Service when authenticating devices over SIP:
n
Auto: the VCS decides, based on the device type, whether to send NTLM challenges. This is the default
setting.
setting.
n
Off: NTLM challenges are never sent.
n
On: NTLM challenges are always sent.
Endpoint credentials used for authentication
An endpoint must supply the VCS with a username and password if it is required to authenticate with the
VCS, for example when attempting to register and the relevant subzone's Authentication Policy is set to
Check credentials.
VCS, for example when attempting to register and the relevant subzone's Authentication Policy is set to
Check credentials.
For Cisco endpoints using H.323, the username is typically the endpoint’s Authentication ID; for Cisco
endpoints using SIP it is typically the endpoint’s Authentication username.
endpoints using SIP it is typically the endpoint’s Authentication username.
See the relevant endpoint manual for details about how to configure the endpoint's credentials.