LDAP Based Authentication for AudioCodes Gateways\SBCs


AudioCodes hardware are now becoming preferred solution for most Lync\Skype for Business deployments. For those who are not familiar with AudioCodes hardware, the standard login account for all devices comes as “Admin” with the password as the same. Of course this will get changed to a more complex password later on and it allows creation of local user accounts with different access levels, most organizations prefers to allow Active Directory (AD) to control access in to the device.

AD will have security groups with users, which will have different levels of permission in to the gateways. This article explains how to configure the AudioCodes gateways to authenticate using LDAP. The firmware version of this configuration is version 7.1.x

The 1st thing you need to do is, to enable LDAP authentication on the device. The configuration parameter is located at “Administration” tab

Restart the gateway after enabling this configuration.

Once the Gateway is up, go to “IP Network” and “LDAP Settings”. Enable the “LDAP Service”.

Again, restart the Gateway to apply the configuration. Do not try to pile up the parameters that needs restart to kick in. Restart every time you make a change that require a restart. Once the Gateway is online again, navigate to the “LDAP Settings” again and configure the “LDAP Authentication Filter” as (sAMAccountName=$).

Under “IP Network”, navigate to “LDAP Server Groups” and create a Management Server Group.

Now, create a LDAP Server to authenticate with. Create an LDAP server under “LDAP Servers”. Impotent thing to mention is the LDAP Bind DN add the LDAP Password entries. LDAP Bind DN must be $@domain.com and the Password must be $. Once configured, you will see that the “Connection Status” as “LDAP CONNECTION BROKEN” That status is normal and don’t worry about it. It doesn’t mean that that the Gateway cannot talk to the LDAP server.

Configure the “LDAP Server Search Base DN” this is the OU where the security account that will have access to the Gateway lives. 

Configure a “Management LDAP Group”. This is where you assign the level of permission to the AD security group.

That’s about it with the configuration. Now, the users that are in the “AudioCodes_Access” group should be able to log in using their AD credentials, in to the Gateway.

Advertisements