Authentication, Authentication mode, Authentication for local registrations – TANDBERG D14049.04 User Manual
Page 74: Configuring authentication, Authentication process, Registration control

D14049.04
JULY 2008
TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATOR GUIDE
Registration Control
Authentication for Local Registrations
When Authentication Mode is On, endpoints must authenticate with the VCS before they can register. In order to authenticate successfully, the endpoint must supply the VCS with a username. For TANDBERG endpoints using H.323, the username is the endpoint’s Authentication ID; for TANDBERG endpoints using SIP it is the endpoint’s Authentication Username.
For details of how to configure endpoints with a username and password, please consult the endpoint manual.
In order to verify the identity of the device, the VCS needs access to a database on which all authentication credential information (usernames, passwords, and other relevant information) is stored. This database may be located either locally on the VCS, or on an LDAP Directory Server. The VCS looks up the endpoint’s username in the database and retrieves the authentication credentials for that entry. If the credentials match those supplied by the endpoint, the registration is allowed to proceed.
The VCS supports the for authenticating the identity of H.323 network devices with which it communicates.
Authentication Mode
Determines whether systems attempting to communicate with the VCS must authenticate with it first.
• On: For H.323, any credentials in the message are checked against the authentication database. The message is allowed if the credentials match, or if there are no credentials in the message. For SIP, any messages originating from an endpoint in a local domain will be authenticated.
• Off: no authentication is required for endpoints.
The default is Off.
Database type
Determines which database the VCS will use during authentication.
• LocalDatabase: the local database is used. You must to use this option.
• LDAP: A remote LDAP database is used. You must to use this option.
The default is LocalDatabase.
! If the VCS is a traversal server, you must ensure that each traversal client’s authentication credentials are entered into the selected database.
Configuring Authentication
To configure the Authentication Mode of the VCS, and the Database it will use:
• VCS Configuration > Authentication > Configuration
You will be taken to the Authentication Configuration page.
! Accurate timestamps play an important part in authentication, helping to guard against replay attacks. For this reason, if you are using authentication, both the VCS and the endpoints must use an NTP server to synchronize their system time. See the section for information on how to configure this for the VCS.
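
As an added illustration (not TANDBERG's code and not the VCS's actual algorithm), the Python example below combines the database lookup described under Authentication for Local Registrations with the timestamp check described in the note above, and shows why an endpoint whose clock has drifted is rejected even with the correct password. The HMAC construction, the 30-second window, the replay cache and all names and values are assumptions.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 30  # assumption: the manual does not state the VCS's window
LOCAL_DATABASE = {"endpoint-a": "example-password"}  # constructed credentials


def make_token(username, password, timestamp):
    """Endpoint side: bind the shared password to one timestamp."""
    message = f"{username}|{timestamp}".encode()
    return hmac.new(password.encode(), message, hashlib.sha256).hexdigest()


def verify(username, timestamp, token, seen, now=None):
    """Server side: look up the username, then check match and freshness."""
    now = time.time() if now is None else now
    password = LOCAL_DATABASE.get(username)
    if password is None:
        return False, "unknown username"
    expected = make_token(username, password, timestamp)
    if not hmac.compare_digest(expected, token):
        return False, "credentials do not match"
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False, "timestamp outside window"
    if (username, timestamp) in seen:  # replay inside the window
        return False, "replayed message"
    seen.add((username, timestamp))
    return True, "ok"


def demo():
    seen = set()
    t0 = 1_215_000_000  # constructed server time, July 2008
    token = make_token("endpoint-a", "example-password", t0)
    slow = t0 - 300  # endpoint clock five minutes behind, password correct
    return [
        verify("endpoint-a", t0, token, seen, now=t0 + 2),     # fresh message
        verify("endpoint-a", t0, token, seen, now=t0 + 5),     # immediate replay
        verify("endpoint-a", t0, token, seen, now=t0 + 3600),  # late replay
        verify("endpoint-a", slow,
               make_token("endpoint-a", "example-password", slow), seen, now=t0),
    ]


if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```

The last case in demo() is the operational symptom of missing NTP synchronization: valid credentials rejected purely because of clock drift.
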
Authentication Mode
The VCS can be configured to use a username and password-based challenge-response scheme to determine whether it will permit communications from other systems. This process is known as authentication. When Authentication Mode is On, systems attempting to communicate with the VCS, including endpoints attempting to send registration requests to the VCS, must first authenticate with it.