...
This page explains how to configure the Sonus to use Active Directory services.

Note: Active Directory is always enabled by default; no licensing action is required to turn it on.
This process comprises three parts:
...
The Active Directory configuration part is where you turn on Active Directory (AD) and set the way the Sonus will communicate with the AD server.
...
- In the WebUI, click the Settings tab.
- In the left navigation pane, go to Auth and Directory Services > Active Directory > Configuration.

Figure: Active Directory Configuration

Active Directory Configuration - Field Definitions
...
Specifies the method used by the Sonus to communicate with Active Directory in order to achieve a balance between performance and accuracy.
- Online: All AD queries are sent directly to the DC; no information is cached. User authentication using Active Directory is also enabled in this mode. Online mode can result in a heavy DC load, so using Online mode is not recommended.
- Updates: In this mode, a local cache is built and used to look up Active Directory searchable fields. If the SBC's cache is filled to capacity, first the cache, then the DC will be queried in attempts to find a match. User authentication using Active Directory is also enabled in this mode; however, sensitive information (including passwords) is not cached.
- Auth-Only: Allows user authentication using Active Directory, but no Active Directory queries are allowed.
- Cache Lookup Only: When selected, the SBC examines only the local AD Cache for the requested attribute. Even if the cache is filled to capacity, the DC will not be queried. The call fails if no match is found in the local cache.

SBC 1000 Note: Sonus recommends the use of an external USB or ASM module for AD Cache backup on the SBC 1000 when either the Updates or Cache Only mode is the selected operating mode.

Note: An SNMP alarm will be generated if the local AD cache reaches capacity.

Note: If your cache reaches capacity when in Update Mode, the SBC will automatically query the DC for any entries that are not cached. Queries to the DC are never normalized. Routing may intermittently fail if your transformations rely on normalized cache entries.

Note: Be aware that Cache Normalization is not performed on queries to the DC, even in Update Mode with Normalize Cache set to True. Therefore, transformations that rely on normalization (e.g. msRTCSIP-Line transformations that do not include tel:) will fail for queries that resort to a DC lookup. If your cache reaches capacity:
- Reduce the number of cached attributes so that the cache is no longer at capacity.
- Set Normalize Cache to False and modify any transformation that relies on the cache being normalized. (suggested)
- Add transformations to route both normalized and non-normalized AD call route queries. (avoid)
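
The intermittent routing failure described in the notes above can be reproduced with a small model. This is an added example, not Sonus code: `AdLookup`, `normalize` and `DIRECTORY` are hypothetical names, normalization is assumed to strip only a leading `tel:`, and the DC fallback in Updates mode is assumed to happen only when the cache is at capacity.

```python
from enum import Enum

class Mode(Enum):
    ONLINE = "Online"
    UPDATES = "Updates"
    AUTH_ONLY = "Auth-Only"
    CACHE_ONLY = "Cache Lookup Only"

def normalize(value):
    # ASSUMPTION: normalization is modeled as stripping a leading "tel:" only.
    return value[4:] if value.lower().startswith("tel:") else value

class AdLookup:
    """Toy model of the operating modes; not the SBC's implementation."""

    def __init__(self, mode, directory, capacity, normalize_cache=True):
        self.mode = mode
        self.directory = directory  # stands in for the DC: user -> msRTCSIP-Line
        self.cache = {}             # attribute value -> user
        for user, line in list(directory.items())[:capacity]:
            self.cache[normalize(line) if normalize_cache else line] = user
        self.cache_full = len(self.cache) >= capacity

    def lookup(self, wanted):
        """Return (user, source) for an attribute value, or (None, reason)."""
        if self.mode is Mode.AUTH_ONLY:
            return None, "queries not allowed"
        if self.mode is not Mode.ONLINE:
            if wanted in self.cache:
                return self.cache[wanted], "cache"
            # Cache Lookup Only never asks the DC; Updates asks only when full.
            if self.mode is Mode.CACHE_ONLY or not self.cache_full:
                return None, "no match"
        for user, line in self.directory.items():
            if line == wanted:      # DC values are compared raw, never normalized
                return user, "dc"
        return None, "no match"

# Constructed sample data: three users, cache capacity of two.
DIRECTORY = {"alice": "tel:+15550100", "bob": "tel:+15550101",
             "carol": "tel:+15550102"}

if __name__ == "__main__":
    sbc = AdLookup(Mode.UPDATES, DIRECTORY, capacity=2)
    for number in ("+15550100", "+15550102", "tel:+15550102"):
        print(number, sbc.lookup(number))
```

With Normalize Cache set to True, a pattern without `tel:` matches cached users but misses the user who was pushed out to a DC lookup; with it set to False, the same `tel:` pattern matches both.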

Query/Cache Attributes

Specifies which attributes are cached from Active Directory. The attribute names specified must be consistent with attribute names in Active Directory.

Nested Group Lookup for Authentication
...
Specifies the time (system time) at which the first AD Cache update occurs after initial SBC power up or after an AD Configuration has been edited and applied. This field is visible only when the Configure Initial Update Time field is set to True.

Note: The last saved AD Cache is used until the first update specified by this field occurs.

Note: On the SBC 2000 or the SBC 1000 (if it has an external USB or ASM module), it is recommended to do the following:
- Set Update Frequency to 1440 minutes (24 hours)
- Set Configure Initial Update Time to True
- Configure First Update Time in a 24 hour format

The preceding procedure ensures that the cache refresh will always occur at a desired time instead of a random time. Only increase the cache Update Frequency to occur more often if there are frequent changes to the Windows Domain Controller; otherwise, once every 24 hours should be sufficient.

AD Backup Failure Alarm

When Enabled, the SBC will raise an alarm and send an SNMP Trap if the AD Cache backup fails. This parameter controls the alarm and trap generation only. It does not control the AD Cache backup function.

Encrypt AD Cache
...
NOTE: The Encrypt AD Cache option is available on the SBC 1000 and SBC 2000 only.

The Encrypt AD Cache option allows the SBC Edge (SBC 1000, SBC 2000) to encrypt the AD cache when stored on any media (internal eUSB, external USB, or ASM). The AD cache contents can then only be viewed when the cache is decrypted with the correct password. This encryption secures the contents against unauthorized viewing.

Valid options: True (encrypts the AD cache) or False (does not encrypt the AD cache). Default entry: False