How to setup an account
There is no single way how Office Communications Servers are set up. Therefore setting up an account depends on the type of installation which you want to connect to with SIPE.
Please also make sure to read the Frequently Asked Questions page.
Please note that this page only describes the setup for the latest SIPE release. If you use an older version not all of the information might apply to your. You should try to update to the latest version.
NOTE: search engines deliver a lot of different hits when users search for SIPE configuration tips. Most of these pages are either
- out of date, i.e. they refer to obsolete versions of SIPE,
- assume that the reader has the same environment/SIPE version as the writer, or
- simply contain incorrect information
This page and the Frequently Asked Questions page are the only official information sources supported by the SIPE project. User reports about setup problems pointing to any other pages will be ignored.
Glossary
This section defines the terms which will be used in this article.
| Tag | Description |
|---|---|
| Basic | this setting can be found on the Basic tab of the account setup dialog in Pidgin |
| Advanced | this setting can be found on the Advanced tab of the account setup dialog in Pidgin |
| Configurable | the availability of this setting depends on the version of SIPE installed on your system |
| Optional | this setting is optional and can usually be left empty |
If you don't use Pidgin then you'll need to check where in your IM client you can change the SIPE settings.
Account
The user part in Username and Login.
Examples |
------------ | -----------------------
first.last | In email addresses
short | Windows Domain account or Kerberos user name
Authentication scheme
Advanced
The scheme SIPE should use to authenticate the user against the server.
Choice |
---------- | -----------------------
Auto | This is the default which tries TLS-DSK, Kerberos and then NTLM
NTLM | use NTLM
Kerberos | use Kerberos (Configurable)
TLS-DSK | use TLS-DSK
BPOS
Microsoft Business Professional Online Suite (BPOS) is the predecessor of Office 365.
Connection Type
Advanced
The type of connection SIPE should use to communicate with the server.
Choice |
--------- | -----------------------
Auto | This is the default which selects an encrypted channel and is usually correct
SSL/TLS | Use an encrypted channel to communicate with the server
This is most likely the correct value if Auto doesn't work for you.
TCP | Use an unencrypted(!) channel to communicate with the server
Only very old installations will use this. For most user this is the wrong choice. DO NOT USE unless you have been explicitly advised to do so.
Domain
The domain part in Username and Login. This usually contains the company name.
Examples |
------------- | ---------------------
company.com | In email addresses or Kerberos realm names
The name is case insensitive, i.e. xxx and XXX are the same.
companyCOMPANYcompany.comCOMPANY.COM | Windows Domain names
The name is case sensitive, i.e. xxx and XXX are different names.
Kerberos
Kerberos is an authentication scheme that supports Single Sign-On. Microsoft Windows does support Kerberos out-of-the-box as it is used for Windows Domain authentication. UNIX/Linux systems require additional software and set up, but in mixed environments it is usually possible for them to communicate with the Kerberos servers from the Windows Domain.
Login
Basic (Optional)
The name SIPE should use for authentication requests. This setting will be ignored when Single Sign-On is selected.
Examples |
----------------- | ---------------------------
field is empty | The value from Username will be used
This is usually the correct value for Kerberos and Office 365 accounts
DOMAIN\account | This is usually the correct value for Windows Domain accounts
account@domain | Kerberos name and realm
account\@domain | Enterprise principal
Not all authentication schemes support this
account | Authentication with empty domain
This is usually not the correct choice.
Lync
Microsoft Lync is the new name for Office Communicator.
NTLM
NT LAN Manager is an authentication protocol from the Microsoft Windows world. For company internal Office Communicator installations this the correct choice.
It supports Single Sign-On when you use SIPE on Windows configured for SSPI.
It supports Single Sign-On when you use SIPE on UNIX/Linux systems configured for GSS-NTLMSSP, a GSSAPI mechanism plugin that implements NTLM. Please note that at the time of this writing it requires manual set up by the user.
Office 365
Office 365 is a subscription based service offered by Microsoft that includes support for Lync. Nowadays many companies move from their internal Office Communicator installation to this service or use it to replace their old messaging systems.
Connecting to an Office 365 account requires the TLS-DSK authentication scheme and usually does not support Single Sign-On.
Office 365 is the successor of the Microsoft Business Professional Online Suite (BPOS).
Password
Basic (Optional)
The password SIPE should use for authentication requests. This setting will be ignored when Single Sign-On is selected.
If you leave it empty then Pidgin will ask for it every time the account gets enabled, e.g. at every startup. Please note that Pidgin currently stores the value as cleartext in the configuration file.
Which of your different passwords is the correct one depends on your installation. The most common choices are
- Windows Domain
- Office 365
- Kerberos
- Windows Live ID
Server & Port
Advanced: Server[:Port]
Usually Office Communicator is set up so that clients can automatically determine to which server to connect based on the Username. It is not a good idea to enter anything in this field unless the auto-discovery doesn't work for you.
The most common problem for auto-discovery is that Office Communicator and Voice over IP are based on the same protocol: SIP. Many companies give VoIP a higher priority for auto-discovery from the Internet and therefore SIPE ends up trying to talk to a VoIP server when used outside the company Intranet.
Examples |
--------------------- | ---------------------------------
field is empty | Auto-discover server from Username
This is the correct choice for most users
sip.company.com:443 |
company.com:5061 |
sipdir.online.lync.com:443 | Fallback server for Office 365 accounts in case that Auto-discover should fail
Single Sign-On
Advanced: Use Single Sign-On
Single Sign-On (SSO) enables SIPE to connect to the server without requiring a password. When selected the settings for Login and Password will be ignored.
DO NOT SELECT it unless you are sure that Single Sign-On is supported for your setup.
Setups which support Single Sign-On:
- Windows, system joined to Windows Domain, SIPE with SSPI, NTLM
- Windows, system joined to Windows Domain, SIPE with SSPI, Kerberos
- Windows, system joined to Windows Domain, SIPE with SSPI, TLS-DSK (depends on setup, usually not supported for Office 365 accounts)
- SIPE compiled with GSSAPI support, valid TGT in cache, Kerberos
- SIPE compiled with GSSAPI & GSS-NTLMSSP support, NTLM
NOTE: non-Windows users in environments without GSS-NTLMSSP support but with mixed NTLM/Kerberos support for HTTP servers will need to select Kerberos and disable Single-Sign On. As long as there is a valid TGT in the cache, Kerberos will use it for SSO.
Skype for Business
Skype for Business is the new name for Lync
SSPI
Security Support Provider Interface is a Windows API used by the Windows version of SIPE to acquire authentication data from the operating system. It supports Single Sign-On if the system has joined the Windows Domain.
TLS-DSK
A new authentication scheme introduced in Lync. It is used for hosted Lync installations, e.g. Office 365.
User Agent
Advanced (Optional)
The Office Communications server can be set up to reject connections from unsupported clients. By setting this value you tell SIPE to mask itself as a different client to circumvent this filter mechanism.
Over the years users have reported various different values that they needed to use to be able to connect with SIPE. See the list maintained on the Frequently Asked Questions page.
You should also consider to ask your IT department to allow SIPE as an official client.
Username
Basic
The account or handle which identifies you in Office Communicator. If other users want to talk to you, this is the name they will enter into their client.
Examples |
-------------------- | --------------------------
your email address | This is by far the most common set up, i.e. your company email address is also your username in Office Communicator.
first.last@domain |
account@domain |
Windows Domain
In a typical company environment all Windows machines are joined to one Windows Domain for authentication and management purposes, Users get assigned an Account with a Password to be able to access any services in that domain.
Configuration Examples
Company account with Single Sign-On
This is the most common case for Windows users or if your computer is set up to use Kerberos. You need to fill in the following fields:
Field |
----------------------- | -----------------------------
Username |
Authentication scheme | Auto, NTLM or Kerberos
Use Single Sign-On | ticked
Account without Single Sign-On
You need to fill in the following fields:
Field |
----------------------- | -----------------------------
Username |
Login |
Password | If you want to save it
Authentication scheme |
Use Single Sign-On | not ticked
Office 365 account
You need to fill in the following fields:
Field |
----------------------- | -----------------------------
Username |
Login | Only if your Username and Login are different
Password | If you want to save it
User Agent | must be set
Use Single Sign-On | not ticked
Related
Forums: Web ticket request failed; Skype for Business 2016 / Lync (Windows 10)
Forums: Having trouble connecting on linux with pidgin-sipe after company upgraded to skype for business online
Wiki: Frequently Asked Questions
Wiki: Home
