160
D14049.07
March 2010
Grey Headline
(continued)
TANDBERG
VIDEO COMMUNICATION SERVER
ADMINISTRATOR GUIDE
Introduction
Overview and
status
System
configuration
VCS
configuration
Zones and
neighbors
Clustering and
peers
Call
processing
Bandwidth
control
Firewall
traversal
Appendices
Applications
Maintenance
Login accounts
Account authentication configuration
About VCS login accounts
The VCS has two types of login account for normal operation:
•
Administrator accounts
: used to configure the VCS.
•
User accounts
: used by individuals in an enterprise to
configure their FindMe profile. They can also be used to enable
basic device provisioning for registered Movi users when the
Starter Pack
option key is installed.
Account authentication
Administrator and user accounts must be authenticated before
access is allowed to the VCS.
The VCS can authenticate accounts either locally or against a
remote directory service, such as Windows Active Directory, using
LDAP. The remote option allows administration groups to be set
up in the directory service for all VCSs in an enterprise, removing
the need to have separate accounts on each VCS.
If a remote source is used for either administrator or user
account authentication you also need to configure the VCS with:
•
appropriate LDAP server connection settings (see
Account
authentication using LDAP
)
•
administrator groups and/or user groups that match the
corresponding group names already set up in the remote
directory service to manage administrator and user access to
this VCS (see
Administrator and user groups
)
Administrator accounts
Administrator accounts are used to configure the VCS. The VCS
has a default
admin
administrator account with full read-write
access and can be used to log in to the VCS using the web
interface or the CLI.
You can add additional administrator accounts which can only be
used to log in through the web interface.
The default
admin
account is managed locally and is always
accessible, even if remote administrator account authentication
is selected.
See the
Administrator accounts
section for more information.
User accounts
User accounts are used by individuals in an enterprise to
configure the devices and locations on which they can be
contacted through their FindMe ID.
Each user account is accessed using a username and password.
•
If local user account authentication is selected, each user
account must be created locally by a VCS administrator.
•
If remote user account authentication is selected, a
VCS administrator must set up user groups to match the
corresponding group names in the remote directory service.
Note that if remote user account authentication is selected, only
the username and password details are managed remotely. All
other properties of the user account, such as the FindMe ID,
devices and locations are stored in the local VCS database.
See the
Maintaining user accounts
section for more information
about defining user account details and their associated FindMe
devices and locations, and for enabling basic
Starter Pack
provisioning.
Use TMS if you need to provision a large number of user
accounts.
See the
TANDBERG Deployment Guide - FindMe [29]
for
more details on configuring FindMe and user accounts.
Root accounts
The VCS provides a root account which can be used to log in
to the VCS operating system. The
root
account should not be
used in normal operation, and in particular system configuration
should not be conducted using this account. Use the
admin
account instead.
See the
Root account
section for more information.
!
Remember to change the passwords for the
admin
and
root
accounts from their default values.
Accounts overview
To specify where administrator and user accounts are
authenticated before access is allowed to the VCS:
•
Maintenance > Login accounts > Configuration
.
You are taken to the
Login account authentication
configuration
page.
To specify authentication sources using the CLI:
•
xConfiguration Login Administrator Source
•
xConfiguration Login User Source
Administrator authentication source
Defines where administrator login credentials are authenticated.
User authentication source:
Defines where user login credentials are authenticated.
The authentication source options are:
Remote
: credentials are verified against an external credentials
directory, for example Windows Active Directory.
Local
: credentials are verified against a local database stored
on the VCS.
After specifying where accounts are authenticated you must set
up the appropriate account details or directory service group
details. The
Related tasks
section at the bottom of the page
provides links to the relevant pages.
See the
TANDBERG Deployment Guide - Authenticating
VCS accounts using LDAP [30]
for more details on
configuring a remote directory service.