Tandberg Data N3 3.8 H.235 Authentication

TANDBERG Gatekeeper User Manual

20

match an entry on the DenyList. Allow lists and Deny lists are mutually exclusive: only one

may be in use at any given time.

Matching uses a simple form of wild card expansion:

12345678 Exact match only

1234567? First 7 characters are an exact match, last may be anything

123* 123 followed by anything

*@example.com Any string ending with @example.com

To set entries in the Allow and Deny lists use the following commands

AllowListAdd, AllowListDelete, DenyListAdd, DenyListDelete

To view the entries in the allow and deny lists, use the following commands:

xConfiguration Gatekeeper Registration AllowList

xConfiguration Gatekeeper Registration DenyList

Figure 13 Configuring a pattern for the Allow/Deny List within the Registration

Restrictions

3.7.2 Authentication

The TANDBERG Gatekeeper can use a user name and password based challenge-response

scheme to permit registrations. For details of how to configure the Gatekeeper for

authentication see section 3.8 H.235 Authentication. For details of how to configure your

endpoint with the appropriate information, please consult your endpoint manual.

3.8 H.235 Authentication

The Gatekeeper supports the ITU H.2352 specification for authenticating the identity of

network devices with which the Gatekeeper communicates.

In order to verify the identity of a device, the Gatekeeper needs access to the password

information. This credential information may be stored in a local database on the Gatekeeper

or obtained from an LDAP Director Server.

3.8.1 Authentication using a local database

2 ITU Specification: H.235 Security and encryption for H-Series (H.323 and other H.245-based)

multimedia terminals

Contents

Main Trademarks and copyright Environmental Issues TANDBERGs Environmental Policy Environmental Considerations Operator Safety Summary Table Of Contents Page 1 Introduction Page 2 Installation 2.1 Unpacking 2.2 Mounting 2.3 Connecting Cables 2.4 Switching on the System 2.5 Gatekeeper Initial Configuration Page 3 Using the Gatekeeper 3.1 System Administration 3.2 Registration 3.3 Neighbor Gatekeepers 3.4 Alternate Gatekeepers Page 3.5 Call Control Page Page 3.6 Bandwidth Control IP Page 3.6.1 Bandwidth Control and Firewall Traversal 3.6.2 Bandwidth Control Examples Enterprise Branch Office Home Office Home sub-zone Page 3.7 Registration Control 3.7.1 Registration Restriction Policy 3.7.2 Authentication 3.8 H.235 Authentication 3.8.1 Authentication using a local database 3.8.2 Authentication using an LDAP server Securing the LDAP connection with TLS 3.9 URI Dialing 3.9.1 URI Dialing and firewall traversal 3.9.2 Creating DNS SRV records 3.10 Firewall traversal 3.10.1 Calling unregistered endpoints 3.11 Call Policy 3.11.1 Making Decisions Based on Addresses address-switch address otherwise not-present 3.11.2 CPL Script Actions location proxy reject Selective Call Screening 3.11.3 Unsupported CPL Elements 3.11.4 CPL Examples Call screening Call Redirection 4 Software Upgrade 4.1 Upgrading Using HTTP(S) 4.2 Upgrading Using SCP Page 5 Configuring the Gatekeeper 5.1 Status xstatus ? xstatus TANDBERG Gatekeeper User Manual 5.2 Configuration xconfiguration ? xconfiguration xconfiguration <name> xconfiguration <name> ? xconfiguration <name> <param1>: value1 <param2>: value2 Page Page Page Page TANDBERG Gatekeeper User Manual 40 Configuration commands Description 5.3 Command xcommand ? To get usage information for a specific command, type xcommand <commandname> ? Command Usage Description Page 5.4 History xhistory ? xhistory xhistory <name> 5.5 Feedback 5.6 Other commands Page 6 Appendix: Configuring DNS Servers 6.1 Microsoft DNS Server 6.2 BIND 8 & 9 6.3 Verifying the SRV record 7 Appendix: Configuring LDAP Servers 7.1 Microsoft Active Directory 7.1.1 Prerequisites 7.1.2 Adding H.350 objects Create the organizational hierarchy Add the H.350 objects 7.2 OpenLDAP 7.2.1 Prerequisites 7.2.2 Installing the H.350 schemas 7.2.3 Adding H.350 objects Create the organizational hierarchy Add the H.350 objects 7.2.4 Securing with TLS 8 Approvals EMC Emission - Radiated Electromagnetic Interference EMC Immunity Electrical Safety 9 Technical Specifications 10 Index