Reference12r1:Concept Netlogon Windows Authentication: Difference between revisions
Line 7: | Line 7: | ||
== How it works == | == How it works == | ||
The netlogon service | The netlogon service passes NTLM hashes to a windows domain controller for verification. myPBX uses the netlogon service for user authentication using windows passwords. | ||
=== Connection to the domain controller === | |||
The netlogon service needs to connect to the DC. It authenticates using a computer account in the domain. | |||
# DNS is used to retrieve the IP address of the DC (SRV record for ''_ldap._tcp.example.com''). | |||
# The endpoint mapper on the EC is asked for the actual port of the netlogon server on the DC. | |||
# A connetion is established to the netlogon server. For authentication the configured computer name and computer password is used. | |||
=== Login with windows password in myPBX === | |||
[[Image:Netlogon_overview.png]] | [[Image:Netlogon_overview.png]] |
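Review bot: In the added list under "Connection to the domain controller", step 2 says the endpoint mapper is "on the EC" while every other line refers to the DC; this looks like a typo for DC and should be corrected before it confuses readers. Step 3 also has "connetion" for "connection", and "the configured computer name and computer password is used" should read "are used". The added and changed lines write "windows" in lower case where the product name Windows is meant.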
Revision as of 16:35, 20 October 2015
Netlogon can be used to verify user credentials against a Windows domain controller. myPBX can use this service to allow users to log in with their Windows password.
Applies to
- innovaphone devices with a PBX from version 12r1.
How it works
The netlogon service passes NTLM hashes to a Windows domain controller (DC) for verification. myPBX uses the netlogon service to authenticate users with their Windows passwords.
Connection to the domain controller
The netlogon service needs to connect to the DC. It authenticates using a computer account in the domain.
- DNS is used to retrieve the IP address of the DC (SRV record for _ldap._tcp.example.com).
- The endpoint mapper on the DC is asked for the actual port of the netlogon server on the DC.
- A connection is established to the netlogon server. For authentication, the configured computer name and computer password are used.
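A preflight check for the first two steps above, as an added example (not innovaphone code): it orders the DC candidates returned for the SRV record and tests whether each one's RPC endpoint mapper accepts TCP connections. The use of `dig`, TCP port 135 for the endpoint mapper, and the sample host names are assumptions that do not come from this page.

```python
import socket
import subprocess

EPMAP_PORT = 135  # assumption: well-known TCP port of the RPC endpoint mapper

def srv_name(domain):
    """SRV owner name used to locate the DC, e.g. _ldap._tcp.example.com."""
    return "_ldap._tcp." + domain.strip(".")

def parse_srv(dig_short_output):
    """Parse `dig +short SRV` lines of the form 'priority weight port target.'"""
    records = []
    for line in dig_short_output.splitlines():
        fields = line.split()
        if len(fields) != 4 or not all(f.isdigit() for f in fields[:3]):
            continue  # skip blank lines, CNAME lines and other noise
        prio, weight, port = map(int, fields[:3])
        records.append((prio, weight, port, fields[3].rstrip(".")))
    # Lowest priority value is tried first. Within one priority this lists the
    # heavier weight first (RFC 2782 picks randomly in proportion to weight).
    return sorted(records, key=lambda r: (r[0], -r[1], r[3]))

def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP connection to host:port can be opened."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def preflight(domain):
    """Return (dc_host, endpoint_mapper_reachable) for every SRV target."""
    out = subprocess.run(["dig", "+short", "SRV", srv_name(domain)],
                         capture_output=True, text=True, check=True).stdout
    return [(target, tcp_reachable(target, EPMAP_PORT))
            for _, _, _, target in parse_srv(out)]

# Constructed sample of `dig +short SRV _ldap._tcp.example.com` output.
SAMPLE = """\
0 100 389 dc2.example.com.
10 100 389 dc3.example.com.
0 200 389 dc1.example.com.
"""

if __name__ == "__main__":
    for prio, weight, port, target in parse_srv(SAMPLE):
        print(prio, weight, port, target)
```

An empty result from `preflight` points at the DNS configuration; a target reported as unreachable points at filtering between the device's network and the DC.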
Login with Windows password in myPBX
Requirements
Windows domain
- A computer account for the innovaphone device with a known password.
- User authentication using NTLM must be enabled.
Device
- Firmware from version 12r1.
- Working DNS configuration.
PBX
- The usernames (Name) of the user objects in the PBX must match the Windows user name (samAccountName).