Registration Control

TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATOR GUIDE

Authentication

Authentication Mode

The VCS can be configured to use a username and password-based challenge-response scheme to determine whether it will permit communications from other systems. This process is known as authentication. When Authentication Mode is On, systems attempting to communicate with the VCS, including endpoints attempting to send registration requests to the VCS, must first authenticate with it.

Configuring Authentication

To configure the Authentication Mode of the VCS, and the Database it will use:

VCS Configuration > Authentication > Configuration

You will be taken to the Authentication Configuration page.

xConfiguration Authentication

Mode

Determines whether systems attempting to communicate with the VCS must authenticate with it first.

On: For H.323, any credentials in the message are checked against the authentication database. The message is allowed if the credentials match, or if there are no credentials in the message. For SIP, any messages originating from an endpoint in a local domain will be authenticated.

Off: no authentication is required for endpoints.

The default is Off.

Database type

Determines which database the VCS will use during authentication.

LocalDatabase: the local database is used. You must configure the Local database to use this option.

LDAP: A remote LDAP database is used. You must configure the LDAP server to use this option.

The default is LocalDatabase.

If the VCS is a traversal server, you must ensure that each traversal client’s authentication credentials are entered into the selected database.

Authentication for Local Registrations

When Authentication Mode is On, endpoints must authenticate with the VCS before they can register. In order to authenticate successfully, the endpoint must supply the VCS with a username. For TANDBERG endpoints using H.323, the username is the endpoint’s Authentication ID; for TANDBERG endpoints using SIP it is the endpoint’s Authentication Username.

For details of how to configure endpoints with a username and password, please consult the endpoint manual.

In order to verify the identity of the device, the VCS needs access to a database on which all authentication credential information (usernames, passwords, and other relevant information) is stored. This database may be located either locally on the VCS, or on an LDAP Directory Server. The VCS looks up the endpoint’s username in the database and retrieves the authentication credentials for that entry. If the credentials match those supplied by the endpoint, the registration is allowed to proceed.

The VCS supports the ITU H.235 specification [1] for authenticating the identity of H.323 network devices with which it communicates.

Accurate timestamps play an important part in authentication, helping to guard against replay attacks. For this reason, if you are using authentication, both the VCS and the endpoints must use an NTP server to synchronize their system time. See the NTP section for information on how to configure this for the VCS.
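The following added example (not TANDBERG code, and not the H.235 wire format) sketches why timestamped credentials need synchronized clocks: a verifier looks up the username, checks a password-keyed MAC, and then rejects messages whose timestamp is stale or already seen. The HMAC-SHA-256 token, the 30-second window, and all names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac

MAX_SKEW = 30  # seconds; assumed window, the guide does not state the VCS value
DATABASE = {"endpoint-01": "constructed-password"}  # constructed sample entry


def make_token(username, password, timestamp):
    """Endpoint side: MAC over username and send time, keyed from the password."""
    key = hashlib.sha256(password.encode()).digest()
    return hmac.new(key, f"{username}|{timestamp}".encode(), hashlib.sha256).digest()


class Verifier:
    """Server side: look up the username, check the MAC, then check freshness."""

    def __init__(self, database):
        self.database = database
        self.seen = set()  # (username, timestamp) pairs already accepted

    def check(self, username, timestamp, token, now):
        password = self.database.get(username)
        if password is None:
            return "reject: unknown username"
        if not hmac.compare_digest(make_token(username, password, timestamp), token):
            return "reject: credentials do not match"
        if abs(now - timestamp) > MAX_SKEW:
            return "reject: timestamp outside window"
        # Forget entries that the window check alone would already reject.
        self.seen = {(u, t) for (u, t) in self.seen if abs(now - t) <= MAX_SKEW}
        if (username, timestamp) in self.seen:
            return "reject: replayed message"
        self.seen.add((username, timestamp))
        return "accept"


def run_demo():
    t0 = 1_215_000_000  # constructed epoch time on the server clock
    v = Verifier(DATABASE)
    msg = ("endpoint-01", t0, make_token("endpoint-01", "constructed-password", t0))
    drift = t0 + 120  # endpoint clock two minutes fast because it is not NTP-synced
    return {
        "fresh": v.check(*msg, now=t0 + 1),
        "replay_in_window": v.check(*msg, now=t0 + 5),
        "replay_later": v.check(*msg, now=t0 + 300),
        "unsynced_endpoint": v.check(
            "endpoint-01", drift,
            make_token("endpoint-01", "constructed-password", drift), now=t0),
        "wrong_password": v.check(
            "endpoint-01", t0 + 2, make_token("endpoint-01", "guess", t0 + 2), now=t0 + 2),
    }
```

Note the `unsynced_endpoint` case: an endpoint with the correct password is still refused when its clock has drifted past the window, which is the operational reason both sides need NTP.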

D14049.04

JULY 2008