RealPresence Resource Manager System and Windows Authentication Understanding Directories
Polycom, Inc. 465
When an Active Directory user attempts to log into the RealPresence Resource
Manager system, it authenticates the user by connecting to the domain
controller that it is connected to and passes the user's credentials using
NTLMv2. The credentials are seamlessly passed to the RealPresence Resource
Manager system utilizing a secure channel connection from the user's
workstation, using the credentials with which they logged into the
workstation.
Some important notes about the RealPresence Resource Manager system
Active Directory integration:
• The RealPresence Resource Manager system is not joined to the domain.
Other computers on the network cannot browse its file system and it
cannot be managed remotely by existing IT mechanisms such as SMS.
• The RealPresence Resource Manager system does not modify the Active
Directory in any way.
• The RealPresence Resource Manager system can auto-discover the closest
logical domain controller and Active Directory servers, but to do this the
network DNS server must have a DNS SRV record for these servers. Once
the domain controller’s hostname and IP address have a record on the
DNS, the RealPresence Resource Manager system can auto-discover the IP
address of the domain controller. If your Active Directory does not
publish the domain controller’s hostname and IP address to the network
DNS, you must edit the file to include it.
• The RealPresence Resource Manager system requires that you enable
Digitally sign communications on the Active Directory server.
Generating E.164 Aliases
The RealPresence Resource Manager system generates E.164 aliases for
registered endpoints. The alias it creates is based on the endpoint type, so that
a single user with multiple endpoints can have multiple E.164 aliases.
Polycom CMA Desktop Clients
When a user of a CMA Desktop client successfully logs into a RealPresence
Resource Manager system, the RealPresence Resource Manager system creates
an E.164 alias for that client. This alias is based on the user's phone number in
Active Directory (or a random, unique number, if no phone number is listed
for the user). Users of other endpoints can connect to the user's endpoint by
dialing this alias or by searching for them by name in the directory.
Because the RealPresence Resource Manager system uses NTLMv2, the
password is not stored within and the RealPresence Resource Manager system
never receives the user's password.
