RegistrationText goes hereControl

TANDBERG VIDEO COMMUNICATION SERVER ADMINISTRATOR GUIDE

About Authentication

The VCS can be configured to use a username and password-based challenge-response scheme to permit endpoint registrations. This process is known as authentication.

In order to authenticate with the VCS, the endpoint must supply it with a username. For TANDBERG endpoints using H.323, the username is the endpoint’s Authentication ID;

Authentication

Configuring Authentication

To configure Authentication options:

VCS Configuration > Authentication > Configuration

You will be taken to the Authentication Configuration page (shown below).

xConfiguration Authentication

Mode

On: all endpoints must authenticate with the VCS before registering.

Off: no authentication is required for endpoints.

The default is Off.

for TANDBERG endpoints using SIP it is the endpoint’s Authentication Username.

For details of how to configure

endpoints with a username and password, please consult the

endpoint manual.

In order to verify the identity of the device, the VCS needs access to a database on which all authentication credential information (usernames, passwords, and other relevant information) is stored. This database may be located either locally on the VCS, or on an LDAP Directory Server. The VCS looks up the endpoint’s username in the database and retrieves the authentication credentials for that entry. If the credentials match those supplied by the endpoint, the registration is allowed to proceed.

The VCS supports the ITU H.235 specification [1] for authenticating the identity of H.323 network devices with which it communicates.

Authentication database

Determines which database the VCS will use during authentication.

LocalDatabase: the local database is used. You must configure the Local database to use this option.

LDAP: A remote LDAP database is used. You must configure the LDAP server to use this option.

The default is LocalDatabase.

Authentication password

Specifies the password to be used by the VCS (in conjunction with the Authentication username) when the VCS is authenticating with another system.

Authentication username

The Authentication Username is the name that the VCS uses when authenticating with other systems. For example, when forwarding an invite from an endpoint to another VCS, that other system may have authentication enabled and will therefore require your local VCS to provide it with a username and password. Traversal clients must always successfully authenticate with traversal servers before they can be used.

The authentication username and password for your local VCS must be stored on either the local database or LDAP database (depending on which has been enabled), along with all the other authentication usernames and passwords. When your local VCS receives an authentication request, it looks up its own username in the database and sends the corresponding authentication credentials, along with the username, to the system that requested it. If the username and authentication credentials match those stored on the requesting system’s database, the communication can continue.

Introduction

Getting

System

System

H.323 & SIP

Registration

Zones and

Call

Firewall

Bandwidth

Maintenance

Appendices

Started

Overview

Configuration

Configuration

Control

Neighbors

Processing

Traversal

Control

 

 

 

D 14049.01

 

 

 

 

41

 

 

 

 

 

 

07.2007

 

 

 

 

 

 

 

 

 

 

Page 41
Image 41
TANDBERG D14049.01 manual About Authentication, Configuring Authentication, XConfiguration Authentication