PAM module does not work properly with UNIX NIS Master and Windows 2008 R2

Consider this scenario:

RHEL is working as a NIS master server. A Windows 2008 R2 box has the Password Synchronization component installed. The SSOD module has been configured to run on RHEL, and the PAM module has been added on the RHEL box as well. BTW, the new SSOD for Windows 2008 R2 is here: https://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=31518c70-1673-4be7-9e53-1c8a7d0d2643

When a normal user changes their password from the UNIX box, the password is changed and synced to the Windows box.

When the root user changes the password of a normal user, we get the following error message, although the password is changed:

“RPC: can’t encode argument. passwd: Failed preliminary check by password service”

I have found a simple resolution for this:

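Modify the /etc/pam.d/system-auth file: remove the “nis” option from the end of the line “password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow nis” and save the file. The nis option makes pam_unix use NIS RPC for setting new passwords.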
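The edit above, scripted so that it touches only the pam_unix.so password line and keeps a backup. This is an added example, not part of the original post; the function names are hypothetical and the sample file is constructed to match the line quoted above.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Return 0 if a "password ... pam_unix.so" line in FILE still carries "nis".
has_nis() {
    grep -Eq '^password[[:space:]].*pam_unix\.so.*[[:space:]]nis([[:space:]]|$)' "$1"
}

# Remove "nis" as a whole option from that line only; keep a copy in FILE.bak.
strip_nis() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 2; }
    cp -p "$1" "$1.bak" || return 2
    sed -E '/^password[[:space:]].*pam_unix\.so/ s/[[:space:]]+nis([[:space:]]|$)/\1/' \
        "$1.bak" > "$1"
}

# Constructed sample in the layout of the line quoted in the post.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample: nis-aware password stack
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow nis
password    required      /lib/security/$ISA/pam_deny.so
EOF
}

# Run the change against a throwaway copy and show the resulting diff.
demo() {
    tmp=$(mktemp -d) || return 1
    make_sample "$tmp/system-auth"
    has_nis "$tmp/system-auth" && echo "before: nis present"
    strip_nis "$tmp/system-auth"
    has_nis "$tmp/system-auth" || echo "after: nis removed"
    diff "$tmp/system-auth.bak" "$tmp/system-auth" || true
    rm -rf "$tmp"
}
demo
```

To apply it for real, run strip_nis /etc/pam.d/system-auth as root and keep that root shell open until a test password change has been verified; the .bak copy restores the previous stack.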

HTH :)