cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
857
Views
0
Helpful
9
Replies

TMSPE Password Generation for Imported Users

Patrick Sparkman
VIP Alumni
VIP Alumni

Is there or could there be a way to specify a default password for imported users in TMSPE?  I know you can have TMSPE auto generate random numeric or alphanumeric passwords, but it would be nice if we could specify a default password to start with.  There already is an option to not generate passwords, so why not give a third option to use a default one?

Alternatively, could there be a way to make the passwords for TMSPE users a single default password by some sort of SQL script, or the like?

Thanks

9 Replies 9

Zac Colton
Cisco Employee
Cisco Employee

There is no supported (or even unsupported) method of using a single default password for imported Jabber users.  From a security perspective, that would be very bad. There would be know way of knowing if the user is logging into there own account, or someone else's.

Hello Zac -

Very true, security would be bad, yet we have the ability to import users and leave the password blank.  It would be nice to be able to provide some sort of default login for imported users (when not using AD authentication), so that they could login to there account without any big issue of not knowing there password without having to ask anyone, until they change it, if they do.

This was a big comlaint when we started with movi2, so it must be a long tome ago.

I think its not well handled that there is no way to import users/passwords or an

easy way to change them.

Patrick, do you wonder about JabberVideo or endpoints? At least for JabberVideo

I would recomend to go the NTLM/AD authentication way.

Please remember to rate helpful responses and identify helpful or correct answers.

Please remember to rate helpful responses and identify

Patrick, do you wonder about JabberVideo or endpoints? At least for JabberVideo

I would recomend to go the NTLM/AD authentication way.

Yes, but we have a mix of internal users with AD accounts, and others that are external without any AD accounts that aren't tied to our organization, but we provide them the ability to conference with us.  So unless Cisco comes up with a mixed authentication mode for the VCS (local database and NTLM) to allow a good mixed authentication method, we can't go the NTLM route.  Some have tried some other wacky domain/subzone config setup on the VCSs from what I've read in the forums, but rather not go that route unless it's idealy simple and secure.

As long as TMSPE is cofigured with auto password generation, and a connection to an email server, TMSPE can send emails to the users that would contain what there password would be. Also, with PE, the end user can access the User Portal pages via TMS Portal, and they can change their passwords themselves.

Very true, but what if half the users that get imported into PE aren't using Jabber Video.. yet, then you have these emails going about and they woldn't know what they were, they'd think they were spam perhaps.

Then don't have the email sent out automatically. Or have the email state that the password is for Jabber usage only. Either way, for Jabber users that need to change their password can use the portal.

For me the password handling is really bad, especially with TMSPE and >X7.2.

It should be possible to import passwords, extract all passwords for all users or use an external database

to authenticate on (besides AD), all that does not seem to be possible.

Lets look how it worked before, you could completly ignore the password set by TMS and

simply use an LDAP server with h350 to authenticate these users and it worked for JabberVideo and endpoints

with out any issues.

Now with TMSPE the users are replicated to the VCS incl their unknown auto generated password.

As the local database is poppulated the LDAP authentication will not be asked, and there is no

option to disable this behavior.

So no, order selection of Authentication methods (like only ldap or local) or have a second try

like if failed on local, try ldap.

With the later VCS releases well working things were removed or got broken (see no interop of VCS

versions on traversal zones).

Please remember to rate helpful responses and identify helpful or correct answers.

Please remember to rate helpful responses and identify

Sending passwords in cleartext is BAD and against standard security practice!

What I need is a way to allow my non AD users to reset their Jabber/Movi passwords via web lnk (Like it's done with ciscojabbervideo.com)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: