Reference12r1:Concept Netlogon Windows Authentication

From innovaphone wiki
Revision as of 16:35, 20 October 2015 by Msc
There are also other versions of this article available: Reference12r1 (this version) | Reference12r2 | Reference13r1


Netlogon can be used to verify user credentials against a Windows domain controller. myPBX can use this service to allow users to log in with their Windows password.

Applies to

  • innovaphone devices with a PBX from version 12r1.

How it works

The netlogon service passes NTLM hashes to a Windows domain controller for verification. myPBX uses the netlogon service to authenticate users with their Windows passwords.

Connection to the domain controller

The netlogon service needs to connect to the DC. It authenticates using a computer account in the domain.

  1. DNS is used to retrieve the IP address of the DC (SRV record for _ldap._tcp.example.com).
  2. The endpoint mapper on the DC is asked for the actual port of the netlogon server on the DC.
  3. A connection is established to the netlogon server. For authentication, the configured computer name and computer password are used.
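
To check the "Working DNS configuration" requirement, the step 1 lookup can be reproduced by hand. The following is an added example, not innovaphone code: it builds the SRV query for `_ldap._tcp.<domain>` and parses the answer. The host names `dc1`/`dc2`, the transaction ID and the sample response are constructed, and sorting by highest weight is a simplification of RFC 2782's weighted random selection.

```python
import struct
SRV = 33  # DNS RR type for SRV records (RFC 2782)

def encode_name(name):
    """Encode a DNS name as length-prefixed labels."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.strip(".").split(".")) + b"\x00"

def build_srv_query(domain, txid=0x1234):
    """Step 1 query: SRV lookup for _ldap._tcp.<domain>, recursion desired."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name("_ldap._tcp." + domain) + struct.pack(">HH", SRV, 1)

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while msg[off]:
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                         # reject pointer loops
                raise ValueError("DNS compression loop")
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    return ".".join(labels), (off + 1 if end is None else end)

def parse_srv_answers(msg):
    """Return [(priority, weight, port, target)], lowest priority value first."""
    qd, an = struct.unpack(">HH", msg[4:8])
    off = 12
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4          # skip QTYPE and QCLASS
    out = []
    for _ in range(an):
        off = read_name(msg, off)[1] + 10         # owner name + fixed RR header
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off - 10:off])
        if rtype == SRV:
            out.append(struct.unpack(">HHH", msg[off:off + 6]) + (read_name(msg, off + 6)[0],))
        off += rdlen
    return sorted(out, key=lambda r: (r[0], -r[1]))  # simplified weight handling

def constructed_response():
    """Constructed sample answer: two DCs for example.com (hypothetical hosts)."""
    q = build_srv_query("example.com")
    msg = q[:2] + struct.pack(">HHHHH", 0x8180, 1, 2, 0, 0) + q[12:]
    for prio, host in ((10, "dc2.example.com"), (0, "dc1.example.com")):
        rdata = struct.pack(">HHH", prio, 100, 389) + encode_name(host)
        msg += b"\xc0\x0c" + struct.pack(">HHIH", SRV, 1, 600, len(rdata)) + rdata
    return msg
```

Sending `build_srv_query(domain)` over UDP port 53 to the DNS server configured on the device and passing the reply to `parse_srv_answers` shows which DC the lookup would select; an empty list means the SRV record is missing.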

Login with Windows password in myPBX

[Figure: Netlogon overview]

Requirements

Windows domain

  • A computer account for the innovaphone device with a known password.
  • User authentication using NTLM must be enabled.

Device

  • Firmware from version 12r1.
  • Working DNS configuration.

PBX

  • The usernames (Name) of the user objects in the PBX must match the Windows user name (samAccountName).

Configuration

Usage

Tracing