Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
l
The Default Zone (
Configuration > Zones > Zones
, then select Default Zone) must be configured with
an Authentication policy of Check credentials. This ensures that provisioning requests (and any call
requests from non-registered devices) are challenged.
requests from non-registered devices) are challenged.
l
The Default Subzone (
Configuration > Local Zone > Default Subzone
) – or the relevant subzones -
must be configured with an Authentication policy of Check credentials. This ensures that registration,
presence, phone book and call requests from registered devices are challenged.
presence, phone book and call requests from registered devices are challenged.
Setting up your authentication policy to check credentials will affect any device that sends
provisioning, registration, presence, phone book and call requests to the VCS.
provisioning, registration, presence, phone book and call requests to the VCS.
Endpoint
The PC on which Jabber Video runs must use settings which match the settings of the AD server.
Configuring the connection to Active Directory Service (ADS)
The
Active Directory Service
page (
Configuration > Authentication > Devices > Active Directory
Service
Video endpoints (version 4.2 or later).
Configuring the Active Directory Service settings
To configure Active Directory (direct) and join the AD domain:
1. Go to
Configuration > Authentication > Devices > Active Directory Service
.
2. Configure the fields as follows:
Field
Description
Usage tips
Connect to
Active
Directory
Service
Active
Directory
Service
Enables or disables the connection between
the VCS and the Active Directory Service.
the VCS and the Active Directory Service.
When the connection is enabled, the VCS
includes NTLM protocol challenges when
authenticating endpoints, according to the
NTLM protocol challenges setting.
includes NTLM protocol challenges when
authenticating endpoints, according to the
NTLM protocol challenges setting.
Turning Connect to Active Directory
Service to Off does not cause the VCS to
leave the AD domain.
Service to Off does not cause the VCS to
leave the AD domain.
NTLM
protocol
challenges
protocol
challenges
Controls whether or not the VCS sends NTLM
protocol challenges (in addition to Digest
challenges) when authenticating devices over
SIP.
protocol challenges (in addition to Digest
challenges) when authenticating devices over
SIP.
Auto: the VCS decides, based on the device
type, whether to send NTLM challenges.
type, whether to send NTLM challenges.
Off: NTLM challenges are never sent.
On: NTLM challenges are always sent.
The default is Auto.
Normally, this should be set to Auto.
If you are migrating from an existing
authentication mechanism to ADS then select
Off while the connection to the AD server is
being configured; select Auto later, when you
have an active connection and are ready to
switch over to this authentication mechanism.
authentication mechanism to ADS then select
Off while the connection to the AD server is
being configured; select Auto later, when you
have an active connection and are ready to
switch over to this authentication mechanism.
Never use On, as this will send NTLM
challenges to devices that may not support
NTLM (and therefore they may crash or
otherwise misbehave).
challenges to devices that may not support
NTLM (and therefore they may crash or
otherwise misbehave).
The VCS must be connected to an Active
Directory Service to send NTLM challenges.
Directory Service to send NTLM challenges.
Cisco TelePresence Video Communication Server Administrator Guide (X8.5.2)
Page 160 of 567
Device authentication
About device authentication