
New Member

Where does VCS get passwords from when doing LDAP authentication

I was wondering, if I were to configure VCS to do LDAP authentication while using an Active Directory as LDAP, which passwords would it be using? Will it authenticate against the domain password or will I need to fill in a separate password attribute (which would be cleartext)?

3 REPLIES
VIP Purple

Hello Eli -

Are you referring to user accounts (such as admin accounts that login to the VCS), or for devices (such as endpoints)?

If you're talking about authenticating user accounts, then it will use your AD username/password.
Cisco-VCS-Authenticating-Accounts-Using-LDAP-Deployment-Guide-X8-2

If you're talking about authenticating devices/endpoints, then it will use fields in your LDAP that are created by schemas that you download from the VCS and install to your LDAP directory.
Cisco-VCS-Authenticating-Devices-Deployment-Guide-X8-2.pdf

New Member

I am actually talking about endpoint authentication.

Is it possible to use LDAP (H.350) authentication against an AD and use the user domain password for authentication? That is, I do not want to store the password as an attribute but rather have VCS bind to LDAP with the proposed user/password to see whether the user exists or not. Same way as it is done by the LDAP module on Apache for instance.

New Member

You would need to enter the password for the bind user you need. For the password challenge you can choose between:

  • Simple Authentication - Password in clear-text sent to LDAP server
  • SASL MD5 - Challenge-Response method to set up a secure channel for the password transmission (needs to be supported on your LDAP)

In addition to the password challenge you could run an encrypted SSL tunnel for the whole LDAP communication. For this you'll need a certificate trust between VCS and LDAP.

Additional information can be found here: http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_Authenticating_Devices_Deployment_Guide_X7-2.pdf
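What the two bind options listed in the reply above put on the wire, as an added example that is not part of the original thread and is not Cisco code. It assumes "SASL MD5" means the DIGEST-MD5 mechanism of RFC 2831; the bind DN is constructed, and the digest inputs are the worked example printed in RFC 2831 (an IMAP digest-uri, not an LDAP one).

```python
import hashlib
import hmac

def _tlv(tag: int, value: bytes) -> bytes:
    """BER tag-length-value; short-form length only (value < 128 bytes)."""
    if len(value) >= 128:
        raise ValueError("long-form BER lengths are not handled here")
    return bytes([tag, len(value)]) + value

def simple_bind_request(dn: str, password: str, msg_id: int = 1) -> bytes:
    """LDAPv3 BindRequest using 'simple' authentication (RFC 4511, 4.2)."""
    bind = (_tlv(0x02, b"\x03")                # version = 3
            + _tlv(0x04, dn.encode())          # name: the bind DN
            + _tlv(0x80, password.encode()))   # simple [0]: the password itself
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + _tlv(0x60, bind))

def digest_md5_response(user, realm, password, nonce, cnonce, digest_uri,
                        nc="00000001", qop="auth") -> str:
    """Client 'response' value for SASL DIGEST-MD5 (RFC 2831, 2.1.2.1)."""
    md5 = lambda b: hashlib.md5(b).digest()
    a1 = md5(f"{user}:{realm}:{password}".encode()) + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    kd = f"{md5(a1).hex()}:{nonce}:{nc}:{cnonce}:{qop}:{md5(a2).hex()}"
    return hashlib.md5(kd.encode()).hexdigest()

def server_verifies(claimed: str, stored_password: str, **challenge) -> bool:
    """The directory recomputes the response from its own copy of the secret."""
    expected = digest_md5_response(password=stored_password, **challenge)
    return hmac.compare_digest(claimed, expected)

# Challenge values from the example exchange in RFC 2831; password is "secret".
RFC2831 = dict(user="chris", realm="elwood.innosoft.com", nonce="OA6MG9tEQGm2hh",
               cnonce="OA6MHXh6VqTrRk", digest_uri="imap/elwood.innosoft.com")
PASSWORD = "secret"
BIND_DN = "cn=vcs-bind,dc=example,dc=com"      # constructed DN, not from the thread

if __name__ == "__main__":
    wire = simple_bind_request(BIND_DN, PASSWORD)
    print("simple bind:", wire.hex())
    print("  password bytes present:", PASSWORD.encode() in wire)
    resp = digest_md5_response(password=PASSWORD, **RFC2831)
    print("DIGEST-MD5 response:", resp)
    print("  server accepts:", server_verifies(resp, PASSWORD, **RFC2831))
```

With simple authentication the password can be read straight out of a captured BindRequest unless the connection runs inside the SSL tunnel the reply describes.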
