09-05-2014 12:29 PM - edited 03-18-2019 03:22 AM
I am thinking about setting up my VCS with direct AD authentication for MOVI users. I have a group in the AD containing all our MOVI users. The problem is I do not see how to restrict authentication to only that group. I do not see a setting on the VCS authentication config page. Am I missing something?
09-05-2014 04:29 PM
Hello Eli -
It's not possible to specify a base DN for users or groups when setting up Active Directory Services for device authentication on the VCS, as the VCS is just used to authenticate the user's password when they try to sign in. What determines if they can attempt to sign in using ADS is if they have an account within TMSPE; if they don't have an account, they won't authenticate to AD via the VCS. With that said, you can limit who gets imported into TMSPE by specifying AD groups. Starting at the bottom of pg 26, the Cisco-TMSPE-with-VCS-Deployment-Guide-1-2 covers how to set up importing users into TMSPE using AD.
09-08-2014 09:08 AM
Thanks Patrick.
What about using H.350 directory for authentication? It has a base DN parameter...
However, it looks like it stores the password as clear text along with the entry. Meaning that users will not be able to authenticate using their AD username and password and that defeats the purpose of this exercise.
Is there a way to configure authentication in such a way that it would be limited to a certain group only, check against AD username and password and work without relying on the provisioning server? I want users with clients other than MOVI, any SIP client to be exact, to be able to authenticate using their own username and password stored in AD. Is that an option at all?
Thanks,
Eli