07-30-2013 12:26 PM - edited 03-18-2019 01:32 AM
I would like a cluster of Expresses to use the dial plan search rules to determine which VCS Control dictates the authentication for Jabber users.
Based on naming scheme, the Jabber client will authenticate against TMS-1/AD Acct via VCSC-1 or against TMS-2/local Acct via VCS C-2.
I have setup a dialplan search rule that directs the request, and although the VCSC-1/TMS-1/AD auth is working, the local account does not authenticate via VCSC-2/TMS-2/local.
VCS Versions 7.2.2
TMS Versions 14.2.1
Jabber 4.6.3
The VCS-E is setup as Proxy to known only.
The VCS-E has NTLM auto.
07-30-2013 02:19 PM
Do you do any authentication on the vcs and do you have the sip domains added to the vcs?
By today the vcs-e will now authenticate towards different VCS-C but a proxy registration and
provisioining based on different domains matching on different traversal zones should work
Please remember to rate helpful responses and identify
07-30-2013 02:27 PM
Martin,
Thank you for always responding to my questions. You are awesome.
Although we do have multiple domains defined, we would like to differentiate based on username.
So for example: jsmith.dept@domain.com where everything except one specific department dictates that it authenticates to the VCSC-1/TMS-1/AD authentication. The one single dept would authenticate towards VCSC-2/TMS-2/locally provisioned.
Do we do any authentication on the VCS? - We authenticate traversal zones. We have a user/pwd for all endpoints.
Thank you,
07-30-2013 03:05 PM
You might be able to handle the provisioning with a cpl, but the registration is just to the domain itself, not sure if it would even be possible to handle the contact header in the cpl.
In short you need to have some seperation to say which request goes where, using a seperation
based on the domain would be the best what I could recomend to you. And as I have not tested it
I can not even garantee that it works, but I would say it should.
Thank you for your kind words. If you like what I post, use the rating functionality using the stars below my messages.
(more info: https://supportforums.cisco.com/docs/DOC-8052 )
Please remember to rate helpful responses and identify
07-30-2013 03:28 PM
Martin,
I just tested.
Account Provisioned TMS2 Local
Jabber from outside network
User: jsmith
Internal VCS: {blank}
External VCS: VCSE.domain1.com
Domain: domain2.com
This scenario registers Jabber to VCSE.domain.com.
Jabber from inside VCSC-2 network.
User: jsmith
Internal VCS: VCSC-2
External blank
Domain: domain2.com
Returns Did not receive provisioning in time.
I believe the problem with this scenario is that their SRV records for domain2.com are point to VCSE. Sound right?
07-30-2013 05:25 PM
First of all the provisioning on the internal network should work, if that does not work locally you have some generic issue.
Are you sure that the provisioning is done by the right vcs?
The provisioning option key shall only present on the VCS-C1 and VCS-C2 not on the VCS-E
As I do not know your search rule and the rest of the setup/deployment its not easy to say where it breaks.
Do you have a cisco partner or external consultant who can look at it?
Hands on is way more easy.
Please remember to rate helpful responses and identify
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide