Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
315
Views
0
Helpful
3
Replies

Where does VCS get passwords from when doing LDAP authentication

Eli Kagan
Level 1
Level 1

‎09-25-2014 08:26 AM - edited ‎03-18-2019 03:27 AM

I was wondering, if I were to configure VCS to do LDAP authentication while using an Active Directory as LDAP, which passwords would it be using?   Will it authenticate against domain password or will I need to fill in a separate password attribute (which would be cleartext)?

 

 

Labels:
0 Helpful
3 Replies 3

Patrick Sparkman
VIP Alumni
VIP Alumni

‎09-25-2014 08:50 AM

Hello Eli -

Are you referring to user accounts (such as admin accounts that login to the VCS), or for devices (such as endpoints)?

If you're talking about authenticating user accounts, than it will use your AD username/password.
Cisco-VCS-Authenticating-Accounts-Using-LDAP-Deployment-Guide-X8-2

If you're talking about authenticating devices/endpoints, than it will use fields in your LDAP that are created by schemas that you download from the VCS and install to your LDAP directory.
Cisco-VCS-Authenticating-Devices-Deployment-Guide-X8-2.pdf

0 Helpful

Eli Kagan
Level 1
Level 1
In response to Patrick Sparkman

‎09-25-2014 08:57 AM

I am actually talking about endpoint authentication.

 

Is it possible to use LDA (H.350) authentication against an AD and use user domain password for authentication?  That is, I do not want to store the password as an attribute but rather have VCS bind to LDAP with the proposed user/password to see whether the user exists or not.  SAme way as it is done by the LDAP module on Apache for instance.

 

 

0 Helpful

Christian Drefke
Level 4
Level 4

‎09-25-2014 08:51 AM

You would need to enter the password for the bind user you need. For the password challenge you can choose between:

  • Simple Authentication - Password in clear-text send to LDAP server
  • SASL MD5 - Challenge-Response method to setup a secure channel for the password transmission (needs to be supported on your LDAP)

 

In addition to the password challenge you could run an encrypted SSL tunnel for the whole LDAP communication. For this you'll need a certificate trust between VCS and LDAP.

 

Additional information can be found here: http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_Authenticating_Devices_Deployment_Guide_X7-2.pdf

0 Helpful
Customers Also Viewed These Support Documents