Integration of Active Directory with telepresence - Jabber video

Hello

I would like clarification on the integration of AD with the existing TP infrastructure.

We have a VCS-C 8.x, VCS-E 7.2.2, and TMS 14.3 with TMSPE.

We need our Jabber Video users to authenticate with their existing AD user accounts. Authentication for all other codecs will be local on the VCS-C.

Where can I configure the AD integration? On the TMS only? On the VCS-C only? Or both?

Is there any document that clearly explains this configuration?

Thank you.

If you want to check credentials on the VCS Control, and have the Jabber Video clients send their authentication requests to the VCS Control where you have AD set up, you must configure the default and traversal zones on the Expressway to not check credentials.

Regarding your comment on authentication at the Expressway, just to be clear: before the client can actually register on the Expressway, do you want it to authenticate, meaning the subzone where it registers checks credentials? If so, AD is a problem here. As the Jabber Video client will always use NTLM to send its credentials when AD is used, the Expressway will be presented with the username/password. As the Expressway is not connected to AD to check these credentials, it will not allow the registration. Authentication of registration requests always happens on the local server, because that is where the registration takes place.

Zac, in the discussion below, covers this very well, including how to get around it when using AD and registering Jabber Video to the Expressway.

Jabber-video-authentication-vcs-what

Tags: Cisco Support

Similar Questions

  • Integration of Active Directory (AD)

    Hi all

    Let me know is there any related document on the integration of Active Directory with the AAU.
    If anyone with details of doc, please share with me.

    Kind regards
    Vijay T

    Hey Vijay.
    the guide of security management and access by the user for the content server available on the website of the documentation.

    see you soon,
    Sicard

  • Integration of MS Lync with telepresence

    Hello world. I have a question about the integration of MS Lync with telepresence. VCS - C will be sufficient for the integration with MS Lync server 2013? I heard that VCS gateway additional Lync is needed for this. And what about licensing, we need to activate the license of Microsoft on CV interoperability to make integration work?

    Would appreciate your responses.

    I would recommend that you read the deployment guide.

    http://www.Cisco.com/c/en/us/support/unified-communications/Telepresence...

    Please also search the forum, you will find several threads dealing with these issues.

    In short, the official way is to deploy a dedicated VCS - C or C-Expressway.

    But depending on the size and the friendly deployment you may have other options.

    If you want to have proper support, yes, you would need the Enhanced Collaboration key, now called the Microsoft Interoperability key.

  • Frequency of synchronizing Active Directory with WSA

    Hello

    I would like to know how long the WSA takes to synchronize with Active Directory. Is there a set interval? For example, does the WSA synchronize with Active Directory every hour?

    Thank you.

    Kind regards

    Vijayan stoecklin

    It is not a 'sync'.

    There are two ways to get AD auth.

    1. Transparent auth, where you join the WSA to the domain; users hit web pages, are redirected, and get authenticated.

    2. AD Agent, or now the CDA and soon ISE: users log in to AD, and the AD Agent/CDA/ISE sees the activity in the domain controller logs and passes this info on to the WSA.

  • View the authentication information active directory with PowerCLI

    How can I get a list of all the hosts in the local environment that don't use Active Directory for authentication, using PowerCLI?

    Try like this

    # List hosts whose authentication settings have no AD domain configured
    Get-VMHost | Get-VMHostAuthentication |
    where {$_.Domain -eq $null} |
    Select @{N="Name";E={$_.VMHost.Name}}

  • Configuration of Active Directory with the OIM 11 g

    Hi all



    I installed OIM 11 g on windows 7. and I have one Active Directory server to another Machine.

    I installed the connector server on my local machine (Windows 7),
    and created IT resources for AD and the connector server... everything worked well.

    But, when I run the Active Directory organization seek Recon, is throw 'not found error in the field of the domain controller.


    Please help me on this
    1. what field I need to give to the Active Directory resource.

    2. any changes to do because the ad is in another Machine





    Thank you
    Kumar

    The connector server and AD must reside in the same domain. Install the connector server on the computer where AD is installed and check.

  • Activation of the connection Active Directory with ESX 3.5

    Hi guys. I've followed the Active Directory login activation doc and ran the following

    esxcfg-auth --enablead --addomain=test.com --addc=dc1.test.com

    Then I ran adduser testuser (no password defined), and the account exists in AD

    But when I tail -f var

    I get the following clock skew error, but the time on my service console is within a minute of the AD server, almost spot on.

    May 23 01:02:41 esx1 sshd (pam_unix) [8819]: authentication failure; logName = uid = 0 euid = 0 TTY = NODEVssh ruser = rhost = 192.168.222.76 user = testusr

    May 23 01:02:42 esx1 sshd [8819]: pam_krb5: authentication error: Clock skew too big (-1765328347)

    May 23 01:02:42 esx1 sshd [8819]: pam_krb5: authentication fails for "testuser".

    May 23 01:02:44 esx1 sshd [8819]: failed password for testuser 192.168.222.76 56163 ssh2 port

    Has anyone encountered this before? I'm running the following versions.

    ESX 3.5 update 2

    Windows Server 2003

    Certainly a thing of the time.  Take a look at this post

    http://communities.VMware.com/thread/75722?start=0&TSTART=0

    and this doc

    http://www.VMware.com/PDF/esx3_esxcfg_auth_tn.PDF

    David
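To separate the clock-skew failures discussed in this thread from genuine bad-password attempts, the following added example (not part of the original posts) triages sshd/pam_krb5 log lines by Kerberos error code. The sample lines are constructed in standard OpenSSH/pam_krb5 syslog format and modelled on the excerpt above; the names `triage` and `skew_only` are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Kerberos error code logged in the thread for clock skew (KRB5KRB_AP_ERR_SKEW).
KRB5_SKEW_CODE = "-1765328347"

# Constructed sample input (not real data), modelled on the thread's excerpt.
SAMPLE_LOG = """\
May 23 01:02:41 esx1 sshd(pam_unix)[8819]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.168.222.76  user=testuser
May 23 01:02:42 esx1 sshd[8819]: pam_krb5: authentication fails for `testuser': Clock skew too great (-1765328347)
May 23 01:02:44 esx1 sshd[8819]: Failed password for testuser from 192.168.222.76 port 56163 ssh2
May 23 01:05:10 esx1 sshd[8840]: pam_krb5: authentication fails for `alice': Decrypt integrity check failed (-1765328353)
May 23 01:05:12 esx1 sshd[8840]: Failed password for alice from 192.168.222.90 port 40112 ssh2
May 23 01:05:15 esx1 sshd[8840]: Failed password for alice from 192.168.222.90 port 40112 ssh2
May 23 01:07:30 esx1 sshd[8851]: Accepted password for bob from 192.168.222.76 port 56200 ssh2
"""

# "sshd[pid]: msg" or "sshd(pam_unix)[pid]: msg"
LINE_RE = re.compile(r"sshd(?:\(\w+\))?\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# pam_krb5 puts the numeric Kerberos error code in trailing parentheses.
KRB_RE = re.compile(r"pam_krb5: .*\((?P<code>-\d+)\)\s*$")
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<rhost>\S+) port \d+"
)


def triage(log_text):
    """Map (user, rhost) -> Counter of failure causes.

    A failed login is attributed to clock skew when the same sshd process
    (same PID) logged the Kerberos skew code before the failure; anything
    else is counted as a credential failure. PID reuse over a long log is
    ignored to keep the example short.
    """
    krb_codes = defaultdict(set)    # pid -> Kerberos error codes seen so far
    failures = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        krb = KRB_RE.search(msg)
        if krb:
            krb_codes[pid].add(krb["code"])
            continue
        failed = FAILED_RE.search(msg)
        if failed:
            cause = "clock_skew" if KRB5_SKEW_CODE in krb_codes[pid] else "credential"
            failures[(failed["user"], failed["rhost"])][cause] += 1
    return dict(failures)


def skew_only(failures):
    """Sources whose failures are all time-sync related: fix NTP, not passwords."""
    return sorted(key for key, causes in failures.items() if set(causes) == {"clock_skew"})


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for (user, rhost), causes in result.items():
        print(user, rhost, dict(causes))
    print("time-sync only:", skew_only(result))
```

Sources reported by `skew_only` point at time synchronisation between the host and the domain controller, while repeated `credential` counts from one address are the ones worth reviewing as possible password guessing.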

  • Cannot bind to Active Directory with the configuration to Workspace Wizard

    Hi all!  I hope someone can point me in the right direction here.  I stood up the Workspace vApp yesterday and everything went beautifully until I reached the point where you set up the directory.  Here is where I am currently:

    - Directory Type = Active Directory

    - Use SSL = unchecked

    - Server Host = IP of the DC (it is a GC)

    - Server Port = 3268 (also tried 389)

    - Search Attribute = sAMAccountName

    - Base DN = DC=domain,DC=com

    - Bind DN = CN=horizon,OU=ServiceAccounts,DC=domain,DC=com

    - Bind password = *.

    I get the error below after selecting the parameter Test and sync button.  A few other notes of things I've tried so far are also listed below.

    The Bind DN user has the first name, last name and email fields populated in the AD account.  I have tried both of our domain controllers (both are GCs).  Also, we do not use LDAPS but have "Microsoft network server: Digitally sign communications (always)" enabled for all our servers, though I do not see why it would make a difference with regard to LDAP.

    Error saving configuration of the directory.

    Problem connecting to the directory.

    Bryan

    If the domain controllers cannot communicate over port 636, it won't work, but you can run a command like 'openssl s_client -connect :636' and it will print a cert. You can run this command from one of the Workspace vApp machines, for example. You must copy the following text (including the BEGIN and END lines)

    -----BEGIN CERTIFICATE-----

    ....

    ....

    -----END CERTIFICATE-----

    And paste it into the certificate field on the directory page of the Workspace wizard.

  • vMA 4.1 Active Directory (AD) integration login Restrictions

    Hello

    Recently, I have deployed the vMA 4.1 in our environment through the integration of Active Directory (AD). My question is how to restrict the access of connection? Any domain user can connect to the vMA at the moment.

    Thank you

    Yes, you can control this by taking a peek in the same configuration file located in /etc/likewise/lsassd.conf

    You'll want to pick up the next section and update the list, allowing only certain groups or users to connect, this is how you would limit the access of connection for users/groups that you want to allow:

        # Allow only the following users and groups
        # to login to this system
        #
        # Note: Use a comma-separated list of
        #       { alias, NT4 style name, SID }
        #
        # require-membership-of = ABC\support group, ABC\joe, jane, S-1-5-21-3447809367-3151979076-456401374-513
    

    Uncomment require-membership-of and provide your comma-separated list

    =========================================================================

    William Lam

    VMware vExpert 2009,2010

    VMware VCP3, 4

    VMware VCAP4-DCA

    VMware scripts and resources at: http://www.virtuallyghetto.com/

    Twitter: @lamw


  • iOS 10 with Cisco Jabber

    Dear Cisco support community,

    as seen on http://www.apple.com/ipad/business/work-with-apple/cisco/

    Only Spark is described there. Will there also be better call integration with Cisco Jabber?

    According to me, they're trying to transmit only apple ios 10 best interactive aura to the customer of the spark. This does not mean that jabber for iphone will be less functional in ios 10.

  • separate authentication and authorization for Active directory groups

    Hi all

    After a long search and failure, I write the question.

    I use apex oracle 4.2 on windows server 2012 on oracle 12 c, all 64 bits.

    We have configured Microsoft Active directory with LDAP.

    in LDAP, we have a core group which is say A and an is down there students and the two groups.

    According to the staff, there are many other groups and students, there are a lot of groups.

    I created a mobile application, it has a main page that is publicly accessible without username and password.

    in this home page, I have a list that contains two elements, personnel and another is a student.

    When one of the list item, the login screen appears.

    now I want to control when the user clicks on the staff list, only personnel should be authenticated.

    If the end user is a student, it doesn't have to be authenticated.

    the same goes for the student list item, if the end-user click on list of students, only students must be authenticated.

    someone please guide me, I'm failed in research and testing.

    Thank you.

    Kind regards.

    Hi Maahjoor,

    Try this (it prints all the attributes for the user) by logging in to your schema in SQL Developer:

    DECLARE
    
      -- Adjust as necessary.
      l_ldap_host    VARCHAR2(256) := 'hct.org';
      l_ldap_port    VARCHAR2(256) := '389';
      l_ldap_user    VARCHAR2(256) := 'cn=hct\itnew';
      l_ldap_passwd  VARCHAR2(256) := 'itnew';
      l_ldap_base    VARCHAR2(256) := 'DC=hct,DC=org';
    
      l_retval       PLS_INTEGER;
      l_session      DBMS_LDAP.session;
      l_attrs        DBMS_LDAP.string_collection;
      l_message      DBMS_LDAP.message;
      l_entry        DBMS_LDAP.message;
      l_attr_name    VARCHAR2(256);
      l_ber_element  DBMS_LDAP.ber_element;
      l_vals         DBMS_LDAP.string_collection;
    
    BEGIN
    
      -- Choose to raise exceptions.
      DBMS_LDAP.USE_EXCEPTION := TRUE;
    
      -- Connect to the LDAP server.
      l_session := DBMS_LDAP.init(hostname => l_ldap_host,
                                  portnum  => l_ldap_port);
    
      l_retval := DBMS_LDAP.simple_bind_s(ld     => l_session,
                                          dn     => l_ldap_user||','||l_ldap_base,
                                          passwd => l_ldap_passwd);
    
      -- Get all attributes
      l_attrs(1) := '*'; -- retrieve all attributes
      l_retval := DBMS_LDAP.search_s(ld       => l_session,
                                     base     => l_ldap_base,
                                     scope    => DBMS_LDAP.SCOPE_SUBTREE,
                                     filter   => l_ldap_user,
                                     attrs    => l_attrs,
                                     attronly => 0,
                                     res      => l_message);
    
      IF DBMS_LDAP.count_entries(ld => l_session, msg => l_message) > 0 THEN
        -- Get all the entries returned by our search.
        l_entry := DBMS_LDAP.first_entry(ld  => l_session,
                                         msg => l_message);
    
        << entry_loop >>
        WHILE l_entry IS NOT NULL LOOP
          -- Get all the attributes for this entry.
          DBMS_OUTPUT.PUT_LINE('---------------------------------------');
          l_attr_name := DBMS_LDAP.first_attribute(ld        => l_session,
                                                   ldapentry => l_entry,
                                                   ber_elem  => l_ber_element);
          << attributes_loop >>
          WHILE l_attr_name IS NOT NULL LOOP
            -- Get all the values for this attribute.
            l_vals := DBMS_LDAP.get_values (ld        => l_session,
                                            ldapentry => l_entry,
                                            attr      => l_attr_name);
            << values_loop >>
            FOR i IN l_vals.FIRST .. l_vals.LAST LOOP
              DBMS_OUTPUT.PUT_LINE('ATTIBUTE_NAME: ' || l_attr_name || ' = ' || SUBSTR(l_vals(i),1,200));
            END LOOP values_loop;
            l_attr_name := DBMS_LDAP.next_attribute(ld        => l_session,
                                                    ldapentry => l_entry,
                                                    ber_elem  => l_ber_element);
          END LOOP attributes_loop;
          l_entry := DBMS_LDAP.next_entry(ld  => l_session,
                                          msg => l_entry);
        END LOOP entry_loop;
      END IF;
    
      -- Disconnect from the LDAP server.
      l_retval := DBMS_LDAP.unbind_s(ld => l_session);
      DBMS_OUTPUT.PUT_LINE('L_RETVAL: ' || l_retval);
    
    END;
    /
    

    NOTE: The dn parameter on line 29 requires the exact distinguished name of the user. In addition, for the filter on line 37, you can use the username, i.e. "cn=firstname.lastname".

    You can specify a specific attribute to be extracted for the user by changing line 33 from:

    l_attrs(1) := '*';
    

    to

    l_attrs(1) := 'title';
    

    Then you can write a function based on the above code to extract an LDAP user attribute as follows:

    create or replace function fnc_get_ldap_user_attr_val ( p_username in varchar2
                                                          , p_password in varchar2
                                                          , p_attrname in varchar2 )
    return varchar2
    as
    
      -- Adjust as necessary.
      l_ldap_host    VARCHAR2(256) := 'hct.org';
      l_ldap_port    VARCHAR2(256) := '389';
      l_ldap_user    VARCHAR2(256) := 'cn='||p_username;
      l_ldap_passwd  VARCHAR2(256) := p_password;
      l_ldap_base    VARCHAR2(256) := 'DC=hct,DC=org';
    
      l_retval       PLS_INTEGER;
      l_session      DBMS_LDAP.session;
      l_attrs        DBMS_LDAP.string_collection;
      l_message      DBMS_LDAP.message;
      l_entry        DBMS_LDAP.message;
      l_attr_name    VARCHAR2(256);
      l_attr_value   VARCHAR2(256);
      l_ber_element  DBMS_LDAP.ber_element;
      l_vals         DBMS_LDAP.string_collection;
    
    BEGIN
    
      -- Choose to raise exceptions.
      DBMS_LDAP.USE_EXCEPTION := TRUE;
    
      -- Connect to the LDAP server.
      l_session := DBMS_LDAP.init(hostname => l_ldap_host,
                                  portnum  => l_ldap_port);
    
      l_retval := DBMS_LDAP.simple_bind_s(ld     => l_session,
                                          dn     => l_ldap_user||','||l_ldap_base,
                                          passwd => l_ldap_passwd);
    
      -- Get specific attributes
      l_attrs(1) := p_attrname;
      l_retval := DBMS_LDAP.search_s(ld       => l_session,
                                     base     => l_ldap_base,
                                     scope    => DBMS_LDAP.SCOPE_SUBTREE,
                                     filter   => l_ldap_user,
                                     attrs    => l_attrs,
                                     attronly => 0,
                                     res      => l_message);
    
      IF DBMS_LDAP.count_entries(ld => l_session, msg => l_message) > 0 THEN
        -- Get all the entries returned by our search.
        l_entry := DBMS_LDAP.first_entry(ld  => l_session,
                                         msg => l_message);
    
        << entry_loop >>
        WHILE l_entry IS NOT NULL LOOP
          -- Get all the attributes for this entry.
          DBMS_OUTPUT.PUT_LINE('---------------------------------------');
          l_attr_name := DBMS_LDAP.first_attribute(ld        => l_session,
                                                   ldapentry => l_entry,
                                                   ber_elem  => l_ber_element);
          << attributes_loop >>
          WHILE l_attr_name IS NOT NULL LOOP
            -- Get all the values for this attribute.
            l_vals := DBMS_LDAP.get_values (ld        => l_session,
                                            ldapentry => l_entry,
                                            attr      => l_attr_name);
            << values_loop >>
            FOR i IN l_vals.FIRST .. l_vals.LAST LOOP
              DBMS_OUTPUT.PUT_LINE('ATTIBUTE_NAME: ' || l_attr_name || ' = ' || SUBSTR(l_vals(i),1,200));
              l_attr_value := l_vals(i);
            END LOOP values_loop;
            l_attr_name := DBMS_LDAP.next_attribute(ld        => l_session,
                                                    ldapentry => l_entry,
                                                    ber_elem  => l_ber_element);
          END LOOP attributes_loop;
          l_entry := DBMS_LDAP.next_entry(ld  => l_session,
                                          msg => l_entry);
        END LOOP entry_loop;
      END IF;
    
      -- Disconnect from the LDAP server.
      l_retval := DBMS_LDAP.unbind_s(ld => l_session);
      DBMS_OUTPUT.PUT_LINE('L_RETVAL: ' || l_retval);
      DBMS_OUTPUT.PUT_LINE('Attribute value: ' || l_attr_value);
    
      return l_attr_value;
    
    END fnc_get_ldap_user_attr_val;
    /
    

    Then create an Application Item named AI_USER_AD_TITLE under Shared Components -> Application Items.

    Create the following procedure to set the application item when the user logs in to your APEX application:

    create or replace procedure ldap_post_auth
    as
    
      l_attr_value varchar2(512);
    
    begin
    
      l_attr_value := fnc_get_ldap_user_attr_val ( p_username => apex_util.get_session_state('P101_USERNAME')
                                                 , p_password => apex_util.get_session_state('P101_PASSWORD')
                                                 , p_attrname => 'title' );
    
      apex_util.set_session_state('AI_USER_AD_TITLE', l_attr_value);
    
    end ldap_post_auth;
    

    Set the 'Post-Authentication Procedure Name' in your authentication scheme to 'ldap_post_auth'.

    Then modify the on-load process on the home page of your PORTAL application to:

    begin
    
        if :AI_USER_AD_TITLE = 'Student' then
            apex_util.redirect_url(p_url=>'f?p=114:1');
        else
            apex_util.redirect_url(p_url=>'f?p=113:1');
        end if;
    
    end;
    

    I hope this helps!

    Kind regards

    Kiran

  • Import from active directory?

    Hello

    How can I import Active Directory users into vCenter Server via the vSphere Client?

    Rizwan

    The server where vCenter Server is installed needs to be part of a domain.

    Then connect to your vCenter with the vSphere Client, choose the "Permissions" tab, click Add Permission, click Add once again and you will be at the user and group selection window. Select your domain from the upper drop-down and the users in your domain will be loaded into the user window below.

    Greetings

  • MRI / sealing server / authentication / Active Directory

    Hello

    I want to use the 11g "Sealing Server" to unseal documents.

    Documentation:
    "The current version supports basic HTTP authentication.
    http://download.Oracle.com/docs/CD/E17904_01/user.1111/e12326/isvsealedcontent002.htm#sthref46

    Is it possible to use Windows Active Directory authentication with the "Sealing Server"?


    Thank you.

    Hello

    The authentication scheme supported only for sealing services is basic authentication.

    Kind regards
    Frank.

  • Integration with Active Directory OraHome92?

    Let me first say that I have absolutely zero knowledge of all Oracle products, I don't know if I'm posting in the right forum, but I'm here, if I need to ask another forum please let me know.

    Question:
    We are Microsoft System administrators. We have a client that is running a very old application to the database on a Windows 2003 server. Currently they use a new database (Oracle, not), but the oracle database must accessible for research in history.

    The application works very well.

    We plan to migrate the domain existing (Active Directory) to a couple of servers R2 2012.

    The 2003 with oracle server is also a domain controller, and we do not want in our field of 2012R2 2003 domain controllers.

    Our question is: can we demote this domain controller, and will OraHome92 still work after the demotion?

    Server 2003 is not the FSMO, the FSMO is a Windows Server 2008.

    In other words, how does OraHome92 integrate with Active Directory? Or isn't there any Active Directory integration, and may we just demote the server and leave it running as a domain member server?

    Maybe you need more information about oracle, all I can say that the following services are running:

    OracleMTSRecoveryService
    OracleOraHome92TNListener

    OracleServiceORCL

    Oracle installed, but NOT running services:
    OracleOraHome92Agent
    OracleOraHome92ClientCache
    OracleOraHome92HTTPServer

    OracleOraHome92PAgingServer

    OracleOraHome92SNMPPeerEncapsulator

    OracleOraHome92SNMPPeerMasterAgent


    I hope somebody can shed some light on this or point us in the right direction.

    I would not feel protected by an export created like this. It is not a full export; it is an export of one schema only, and you may need more than that if it is necessary to rebuild the database. In addition, it is not a consistent export, which may make it useless. I would run the export something like this:

    exp.exe System/sys@oracle_w3 full=y file=d:\directory\file.dmp consistent=y

    You may think it's all pretty awkward. The problem is that it is generally considered bad practice to install Oracle on a domain controller, unless you install as a member of the domain administrators group. I guess just like you do not have that, you can be able to downgrade the machine without affecting the database. But I don't really know, Windows security is a mystery to me.

  • OEDQ integration with Active Directory - disable SSL

    Hi mates,

    I just installed OEDQ (latest version) on a Unix machine (deployed on WebLogic Server 10.3.6) but I have a few concerns:

    • SSL communications -> is mandatory? I mean, I tried to expose dndirector via a Server Web Apache OHS admin page. I am able to access the page from admin in raw mode, but every time I try to access a specific feature (dashboard, user management, server configuration, etc.) I am redirected to https://< web-server-hostname >: < wls-server-ssl-port > / dndirector, if this is not what I expect. What's wrong? Moreover, if SSL is required, is there a way to expose the console via apache (avoiding any redirect)?

    • OEDQ with Active Directory -> documentation- OEDQ integration with Active Directory - covers just Single Sign-on configuration (on the two Windows/Unix os). What about a simple configuration pointing to an external ldap? The documentation States the following statement:

    It is also possible to configure OEDQ to work with servers of different directory for authentication of users and the identification of the user. For more information on the alternative configurations, "see"contact us" "

    So, how can I achieve this?

    Pointers?

    Thanks in advance,

    Marco

    Marco

    Here is an example configuration that can be used to integrate with AD.  Create a folder called security in your EDQ configuration directory, and save the file in this folder as login.properties.  There is some supporting documentation on this process in the EDQ online help.

    Here is the file, I'll add a few notes below:

    realms                        = internal, ad
    gss                           = false

    ad.realm                      = EXAMPLE.COM
    ad.auth                       = ldap
    ad.auth.bindmethod            = digest-md5
    ad.auth.binddn                = search: sAMAccountName
    ad.ldap.server                = dc.example.com
    ad.ldap.auth                  = simple
    ad.ldap.user                  = [email protected]
    ad.ldap.pw                    = test
    ad.ldap.profile               = adsldap
    ad.ldap.prof.defaultusergroup = testgroup
    ad.ldap.prof.useprimarygroup  = false
    

    The realms line indicates that the 'internal' realm (EDQ internal users such as dnadmin) and the AD realm should be used.  Once you are satisfied with the AD integration you can remove the internal realm and use AD exclusively.  The realm property sets the name of the AD domain; here I used EXAMPLE.COM.

    The server property sets the DNS name of the AD server.  If omitted, it is looked up in the DNS.

    The user and pw lines are used to connect EDQ to AD.

    The defaultusergroup line is the name of an LDAP group that contains all users who will use EDQ.  The default value for this is Domain Users, which usually contains far too many users.

    Once it is set up and working, you can go to user configuration in EDQ and see a link to External Groups, which lets you map AD groups to EDQ groups to assign permissions to users.

    I hope this helps.

    Richard
