Steps to configure Password Sync without installing NIS (Windows -> Unix)


1.      Install the Password Sync component under IDMU. (To install this component, the user needs to be a member of the Schema Admin/Domain Admin and Enterprise Admin groups.)

2.      Reboot the box

3.      Open IDMU – Password Sync – Properties

a)      Check the option “Windows to Computer that runs on Unix”

b)      Port number: 6677

c)      Generate a new encryption key

4.      Then go to the configuration tab

a)      Check the option “Enable extensive logging”

b)      Check the option “Enable Windows to NIS (AD) Password Sync”

5.      Expand Password Sync – right-click on Unix computer

6.      Click on Add computer

7. On the edit configuration page:

a)      Check the option “Synchronize Password changes to <Unix IP address>”

b)      Make sure that the encryption key is the same as on the Password Sync properties page

c)      Port number is 6677

Changes on the Unix box (Solaris is the Unix box in this example)

  1. Download the SSOD binary from http://www.microsoft.com/en-us/download/details.aspx?id=2792 ==> Note: even in this download you will find the SSOD package only for SPARC machines.
  2. Copy two files to Solaris 10
  3. Under the folder sol8sparc ==> copy ssod.so8 to the Solaris machine as /usr/bin/ssod
  4. Under the folder bin ==> copy sso.cfg to the Solaris machine as /etc/sso.conf
  5. Modify the sso.conf file
    1. Copied the encryption key which was populated under the Unix computer properties on the Windows 2008 R2 ==> IDMU ==> Password Sync ==> Unix computer
    2. Checked the port number, this should be 6677
    3. Populated the IP address of the Windows 2008 R2 DC. Refer below:
    4. Made sure that we have a common user name on both the Windows DC and the Solaris 10 machine (ssodtest in my case)
    5. Now changed the password of the user from AD (keep it to 8 characters). In the event logs, got the below success event (ID: 4097)

From the Solaris box, logged in with the username (ssodtest) using the new password which I had set from Windows 2008 R2.
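
A consistency check for the sso.conf edits in step 5, added here as an example; it is not part of the original post or of Microsoft's SSOD package. It assumes the setting names ENCRYPT_KEY, PORT_NUMBER and SYNC_HOSTS (with parenthesised host,port,key entries); the function names and the file-permission check are illustrative.

```shell
#!/bin/sh
# Added example: consistency check for the Password Sync settings in sso.conf.
# Assumed setting names (not shown on the page): ENCRYPT_KEY, PORT_NUMBER, SYNC_HOSTS.

# conf_value FILE NAME: print the value of the last uncommented NAME=... line.
# Carriage returns are stripped because the template comes from a Windows download.
conf_value() {
    tr -d '\r' < "$1" | sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" | tail -n 1
}

# check_sso_conf FILE DC_IP [PORT]: print one line per problem found and
# return the number of problems (0 means every check passed).
check_sso_conf() {
    conf=$1 dc_ip=$2 port=${3:-6677} problems=0
    fail() { echo "sso.conf: $1"; problems=$((problems + 1)); }

    [ -r "$conf" ] || { echo "sso.conf: cannot read $conf"; return 1; }

    key=$(conf_value "$conf" ENCRYPT_KEY)
    [ -n "$key" ] || fail "ENCRYPT_KEY is missing or empty"

    got_port=$(conf_value "$conf" PORT_NUMBER)
    [ "$got_port" = "$port" ] || fail "PORT_NUMBER is '$got_port', expected $port"

    # Assumed SYNC_HOSTS layout: one or more "(host,port,key)" entries.
    hosts=$(conf_value "$conf" SYNC_HOSTS | tr -d ' ')
    case $hosts in
        *"($dc_ip,"* | *"($dc_ip)"*) ;;
        *) fail "SYNC_HOSTS does not list the DC $dc_ip" ;;
    esac

    # The file holds the shared key in clear text: no group/other access.
    mode=$(ls -ld "$conf" | awk '{print $1}')
    case $mode in
        ????------*) ;;
        *) fail "mode $mode gives group/other access to the key" ;;
    esac

    return "$problems"
}

# Check a real file when called with arguments: sh check_sso.sh /etc/sso.conf <DC IP>
if [ $# -ge 2 ]; then check_sso_conf "$@"; fi
```

On Solaris 10, run it under /usr/xpg4/bin/sh with /usr/xpg4/bin ahead of /usr/bin in PATH, because the legacy /bin/sh and utilities predate the POSIX syntax used here.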