Jabber Telepresence Active Directory

John Faltys
Level 1

I was testing some different authentication scenarios with Jabber TP against AD.

It seems that Jabber Users assigned to Distribution Groups instead of Security Groups authenticate fine.  Is this supposed to be the case?

They import fine into TMS and when using Jabber for TP, they authenticate fine.

I assumed (yes, I know what assume means) that Distribution Groups would not work for authenticating Jabber users.

TMS 13.2.1, VCS 7.2.1

Thank you

Accepted Solutions

Martin Koch
VIP Alumni

It's two parts, the import which imports the users by a given filter from AD.

So if your AD user used to see these users they get imported.

The other part is the authentication, so if this specific user can authenticate it will be allowed.

It might be interesting to know if there is a way to limit the users which are allowed to authenticate by the windows server side.

You can also find more info on how it works in the "Device authentication on Cisco VCS Guide".

Why do you ask, do you see a problem?

The final start would be to define a proper filter on the TMS/TMSPE to only import users which you really want to import. :-)

Please remember to rate helpful responses and identify

Martin,

Thanks for the quick response.  Yes, I read the guide and it is helpful, although it does not specify whether distribution groups and security groups are handled differently.  I guess that should have been my clue that it does not handle them differently.

Not a problem really.  However, if you read Microsoft's bit on Distribution Groups you will see:

Distribution groups can be used only with e-mail applications (such as Exchange) to send e-mail to collections of users. Distribution groups are not security-enabled, which means that they cannot be listed in discretionary access control lists (DACLs). If you need a group for controlling access to shared resources, create a security group.

With that as a definition, I assumed (yes I know), that the groups would be treated differently regarding provisioning.

This is not causing any current problem, but I wanted to make sure I really understood how it is being used, so that I could give proper advice on provisioning using AD. 

The plus side is that it allows larger organizations to allow their provisioning person to provision existing AD users without requiring them to have access to security groups.

That may also be a down side, although I am unsure if it is causing any security groups "problems".
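
The security/distribution distinction and the import-filter advice discussed in this thread, as an added example that is not part of the original posts and is not Cisco's code: Active Directory records the distinction as a bit in the group's `groupType` attribute, and an LDAP `memberOf` match never looks at that bit, so an import filter has to check it explicitly. The group DN, the `groupType` sample values and the `vet_import_group` helper are assumptions constructed for illustration, as is the premise that the import filter is an LDAP filter on `memberOf`.

```python
# Added example: sample DNs and groupType values below are constructed.
SECURITY_ENABLED = 0x80000000  # ADS_GROUP_TYPE_SECURITY_ENABLED
SCOPES = {0x2: "global", 0x4: "domain-local", 0x8: "universal"}
# LDAP_MATCHING_RULE_BIT_AND: true when every bit of the value is set.
BIT_AND = "1.2.840.113556.1.4.803"


def classify_group(group_type):
    """Decode groupType, which AD returns as a signed 32-bit integer."""
    bits = group_type & 0xFFFFFFFF  # normalise negative values
    kind = "security" if bits & SECURITY_ENABLED else "distribution"
    scope = next((name for bit, name in SCOPES.items() if bits & bit), "unknown")
    return kind, scope


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def security_groups_filter():
    """Filter that lists only security-enabled groups."""
    return "(&(objectCategory=group)(groupType:%s:=%d))" % (BIT_AND, SECURITY_ENABLED)


def import_filter(group_dn):
    """Users who are direct members of group_dn.

    memberOf is a plain attribute match: it is true for distribution
    groups as well, which is the behaviour observed in the thread.
    """
    return "(&(objectCategory=person)(objectClass=user)(memberOf=%s))" % (
        escape_filter_value(group_dn)
    )


def vet_import_group(group_dn, group_type):
    """Hypothetical pre-check: build the filter only for security groups."""
    kind, scope = classify_group(group_type)
    if kind != "security":
        raise ValueError("%s is a %s %s group" % (group_dn, scope, kind))
    return import_filter(group_dn)


if __name__ == "__main__":
    dn = "CN=Jabber (TP) Users,OU=Groups,DC=example,DC=com"  # constructed
    print(security_groups_filter())
    print(vet_import_group(dn, -2147483646))  # global security group
```
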