cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
953
Views
0
Helpful
3
Replies

Problems with VCS-C, VCS-E and TMS

I'm hoping that someone can help me as I've almost pulled my hair out with this problem.

We have a VCS-C and VCS-E both running X7.2.  Our TMS is running 13.2.1.  We have been using everything for the past several months using "provisioning", which has worked fine.  I am recently trying to have Movi/Jabber clients authenticate via LDAP/AD, in addition to utilizing local accounts (we have some vendors and partners that register via our infrastructure).

I have gone through all the documentation and believe that I have this configured properly, however, things are working backwards from what I need them to.  Currently, a client that is on our internal network can register using AD credentials, but can NOT using local credentials.  Clients that are outside our network can register using local credentials, but NOT using their AD information.

My setup on the VCS devices is:

VCS-C

Default Zone     Check credentials

Traversal Zone  Check credentials

Default subzone  Treat as authenticated

VCS-E

Traversal Zone  Check credentials

SIP Proxy Registration   Have tried Off, Proxy to known and Proxy to any.  Currently set to Off

What am I missing here as I'm more from the CTS side of things and am just trying to learn the Tandberg Cisco VCS product?

Thanks,

Allen

1 Accepted Solution

Accepted Solutions

Allen,

when you enable NTLM protocol challenges on your VCS-C, this means that only NTLM authentication will be usable for the devices which support NTLM, namely Movi 4.2 and higher, Jabber Video 4.3 and higher plus Jabber for iPad. Other devices which do not support NTLM authentication will either use local database or LDAP authentication, depending on what you have configured on your VCS.

Is there a specific reason why you want to use both Digest and NTLM authentication for the Jabber Video devices?

- Andreas

View solution in original post

3 Replies 3

UPDATE:

I have made some configuration changes and can now authenticate successfully using AD when OFF the network.  So as it stands, AD authentication works fine both on and off the corporate network.  However, authenticating via local accounts no longer seems to work.

Thanks,

Allen

Allen,

when you enable NTLM protocol challenges on your VCS-C, this means that only NTLM authentication will be usable for the devices which support NTLM, namely Movi 4.2 and higher, Jabber Video 4.3 and higher plus Jabber for iPad. Other devices which do not support NTLM authentication will either use local database or LDAP authentication, depending on what you have configured on your VCS.

Is there a specific reason why you want to use both Digest and NTLM authentication for the Jabber Video devices?

- Andreas

Thanks.  I've been reading quite a bit this afternoon and believe that I saw that somewhere, it just didn't stay with me.

We would like to use both as we have quite a few vendors, partners, board members, etc. that are not directly employed by us but have the need to communicate regularly.  They were already set up in the local provisioning database, so we though it would be easy enough to leave them there to authenticate locally.

It's not the end of the world.  We can simply just add another OU into our Active Directory and create user accounts for them, we were just trying to save a little work.

Thanks so much for your answer!

All the best,

Allen