Solved: Problems with VCS-C, VCS-E and TMS

Allen Castleberry · ‎08-21-2012

I'm hoping that someone can help me as I've almost pulled my hair out with this problem.

We have a VCS-C and VCS-E both running X7.2. Our TMS is running 13.2.1. We have been using everything for the past several months using "provisioning", which has worked fine. I am recently trying to have Movi/Jabber clients authenticate via LDAP/AD, in addition to utilizing local accounts (we have some vendors and partners that register via our infrastructure).

I have gone through all the documentation and believe that I have this configured properly, however, things are working backwards from what I need them to. Currently, a client that is on our internal network can register using AD credentials, but can NOT using local credentials. Clients that are outside our network can register using local credentials, but NOT using their AD information.

My setup on the VCS devices is:

VCS-C

Default Zone Check credentials

Traversal Zone Check credentials

Default subzone Treat as authenticated

VCS-E

Traversal Zone Check credentials

SIP Proxy Registration Have tried Off, Proxy to known and Proxy to any. Currently set to Off

What am I missing here as I'm more from the CTS side of things and am just trying to learn the Tandberg Cisco VCS product?

Thanks,

Allen

awinter2 · ‎08-21-2012

Allen,

when you enable NTLM protocol challenges on your VCS-C, this means that only NTLM authentication will be usable for the devices which support NTLM, namely Movi 4.2 and higher, Jabber Video 4.3 and higher plus Jabber for iPad. Other devices which do not support NTLM authentication will either use local database or LDAP authentication, depending on what you have configured on your VCS.

Is there a specific reason why you want to use both Digest and NTLM authentication for the Jabber Video devices?

- Andreas

View solution in original post

Allen Castleberry · ‎08-21-2012

UPDATE:

I have made some configuration changes and can now authenticate successfully using AD when OFF the network. So as it stands, AD authentication works fine both on and off the corporate network. However, authenticating via local accounts no longer seems to work.

Thanks,

Allen

awinter2 · ‎08-21-2012

Allen,

when you enable NTLM protocol challenges on your VCS-C, this means that only NTLM authentication will be usable for the devices which support NTLM, namely Movi 4.2 and higher, Jabber Video 4.3 and higher plus Jabber for iPad. Other devices which do not support NTLM authentication will either use local database or LDAP authentication, depending on what you have configured on your VCS.

Is there a specific reason why you want to use both Digest and NTLM authentication for the Jabber Video devices?

- Andreas

Allen Castleberry · ‎08-21-2012

Thanks. I've been reading quite a bit this afternoon and believe that I saw that somewhere, it just didn't stay with me.

We would like to use both as we have quite a few vendors, partners, board members, etc. that are not directly employed by us but have the need to communicate regularly. They were already set up in the local provisioning database, so we though it would be easy enough to leave them there to authenticate locally.

It's not the end of the world. We can simply just add another OU into our Active Directory and create user accounts for them, we were just trying to save a little work.

Thanks so much for your answer!

All the best,

Allen