Got it
Huawei Enterprise Support Community
Community Forums Intelligent Collaboration
Configuring External Auth...

Configuring External Authentication for Standalone and Built-in SCs

Latest reply: Jan 13, 2019 13:24:26 214 1 0 0 0
View the author 1#

Configuring External Authentication for Standalone and Built-in SCs

Background

When a device initiates a registration request to the SC, the SC needs to authenticate the device. For manageable and unmanageable devices on the SMC2.0, they are authenticated by the SC when being added to the SMC2.0. For external devices that are not added to the SMC2.0, the SC performs external authentication for them.

Two external authentication modes are available: H.350 and LDAP.

  • H.350: The SC requests the external server through H.350 to authenticate the device.
  • LDAP: The SC requests the external server through LDAP to authenticate the device. LDAP authentication is classified into domain account authentication and non-domain account authentication.
    1. Domain account authentication: If you want to authenticate a device through its domain account, set the external authentication mode to this option.
    2. Non-domain account authentication: If you want to authenticate a device through a non-domain account, set the external authentication mode to this option.
You can configure the SC external authentication mode on the SMC2.0 web interface. The following describes the procedure.

Procedure

  1. Log in to the SMC2.0 web interface.
  2. Choose Devices > Switch Centers
    Access the SC list.
  3. Select the SC to be configured and click Edit
    The Edit page is displayed.
  4. In External Authentication Mode, configure the SC external authentication mode, as shown in Figure 1Table 1 describes the parameters.

    Figure 1 External authentication mode 
    SMC2_cfgg_00005_37.png
    Table 1 H.350

    Parameter

    Description

    How to Set

    Authentication mode

    Indicates the authentication mode that the SC uses to authenticate an external device when the device initiates a registration request to the SC.

    Default value: None

    		Select H.350.

    Server Address

    Indicates the IP address of the external device.

    		Set this parameter to the actual IP address of the external device.

    User name

    Indicates the user name used to connect to the H.350 server when the SC uses the H.350 authentication mode.

    		Set this parameter to the actual H.350 server user name.

    Key

    Indicates the key used to connect to the H.350 server when the SC uses the H.350 authentication mode.

    		Set this parameter to the actual H.350 server key.

    Transmission protocol

    Indicates the protocol used by the SC to communicate with the external device.

    Default value: LDAPS

    		Set this parameter to LDAP or LDAPS based on the site requirements.
    NOTE:
    If this parameter is set to LDAPS, click Import LDAP Certificate and upload an LDAP certificate based on the onscreen instruction.

    Base DN (distinguished name)

    Indicates the directory where authentication information is stored on an external device. After you set this parameter, the SC can determine the device information at which location to be used during authentication.

    		Set this parameter to the actual base DN of the external device.

    For example, if the authentication information for an external device is stored in cn=user00x,ou=users,o=example,c=com, set this parameter to cn=user00x,ou=users,o=example,c=com.

    Table 2 LDAP - domain account authentication

    Parameter

    Description

    How to Set

    Authentication mode

    Indicates the authentication mode that the SC uses to authenticate an external device when the device initiates a registration request to the SC.

    Default value: None

    		Select LDAP.
    NOTE:
    If the LDAP option is unavailable for Authentication mode, change the value of ShowLdapAuth to true in the database. For details, see the HUAWEI SMC2.0 V500R002C00 Uncommon Function Configuration Guide.

    Server IP address

    Indicates the IP address of the external device.

    		Set this parameter to the actual IP address of the external device.

    Transmission protocol

    Indicates the protocol used by the SC to communicate with the external device.

    Default value: LDAPS

    		Set this parameter to LDAP.

    Support domain account

    Indicates whether to enable domain account authentication.

    		Ensure that Support domain account is selected.
    Table 3 LDAP - non-domain account authentication

    Parameter

    Description

    How to Set

    Authentication mode

    Indicates the authentication mode that the SC uses to authenticate an external device when the device initiates a registration request to the SC.

    Default value: None

    		Select LDAP.
    NOTE:
    If the LDAP option is unavailable for Authentication mode, change the value of ShowLdapAuth to true in the database. For details, see the HUAWEI SMC2.0 V500R002C00 Uncommon Function Configuration Guide.

    Server IP address

    Indicates the IP address of the external device.

    		Set this parameter to the actual IP address of the external device.

    Transmission protocol

    Indicates the protocol used by the SC to communicate with the external device.

    Default value: LDAPS

    		Set this parameter to LDAP or LDAPS based on the site requirements.
    NOTE:
    If this parameter is set to LDAPS, click Import LDAP Certificate and upload an LDAP certificate based on the onscreen instruction.

    Base DN (distinguished name)

    Indicates the directory where authentication information is stored on an external device. After you set this parameter, the SC can determine the device information at which location to be used during authentication.

    		Set this parameter to the actual base DN of the external device.

    For example, if the authentication information for an external device is stored in cn=user00x,ou=users,o=example,c=com, set this parameter to cn=user00x,ou=users,o=example,c=com.

    Naming attribute

    Indicates the user name of the external device server.

    		Set this parameter to the naming attribute of the external device.

    For example, if the naming attribute of an external device is cn, set this parameter to cn.

    Support domain account

    Indicates whether to enable domain account authentication.

    		Ensure that Support domain account is selected.

Verification

Assume that a TE Desktop client uses domain account authentication to register with the SC. The following describes how to verify the preceding configuration. Ensure that the following conditions are met:
  • The authentication mode for the SC has been set to domain account authentication on the SMC2.0 web interface.
  • A domain account and its password have been obtained. The account and password are used for registering with the SC and logging in to the TE Desktop.
  1. Open TE Desktop and click Server Settings in the login window. 
    The registration server configuration window is displayed.
  2. On the Registration Server tab page, enter the server IP address and URI in Address and SIP URI respectively, as shown in Figure 2.

    Figure 2 Registration Server 
    SMC2_cfgg_00005_38.png

  3. On the Advanced Settings tab page, set Transmission Type, as shown in Figure 3.

    Figure 3 Advanced Settings 
    SMC2_cfgg_00005_39.png

  4. Click Save. 
    The system returns to the TE Desktop login window.
  5. Enter the user name and password for logging in to the TE Desktop, as shown in Figure 4.

    Figure 4 Logging in to the TE Desktop 
    SMC2_cfgg_00005_40.png

  6. Log in to the SMC2.0 web interface.
  7. Choose Devices > Switch Centers
    Access the SC list.
  8. Click the SC with which the TE Desktop has registered.
  9. Click the Registered Nodes tab on the page that is displayed.
  10. Select the registered TE Desktop in the registration list. 
    Details of the TE Desktop are displayed in the lower part of the page.
  11. On the Details tab page, view information under Other Parameters.

    Figure 5 Other Parameters 
    SMC2_cfgg_00005_41.png


    If the authentication type is External, as shown in Figure 5, the domain account authentication for the SC has been configured successfully.


Like (0) Dislike (0) Favorite(0) Share Report
Previous: The number you dialed does not exist.[%XH]
Next: Configuring AD User Login for SMC 2.0
(0) (0)
2#
KarimUC
Created Jan 13, 2019 13:24:26

good info sharing
View more
  • x
  • convention:
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.