Share via


Steps to configure Password Sync Without Installing NIS ( Windows -> Unix)

1. Install Password Sync component under IDMU. ( to install this component user needs to be a part of Schema admin/ domain admin and enterprise admin group)

2. Reboot the box

3. Open IDMU – Password Sync- properties

a) Check the option “ Windows to Computer that runs on Unix”

b) Port number:6677

c) Generate a new encryption key as highlighted below

pass1

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

4. Then go to the configuration tab

a) Check the option “ Enable extensive logging”

b) Check the option Enable Windows to NIS (AD) Password Sync

 

 

 pass2

5.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 5. Expand password Sync – right click on Unix compouter

6. Click on Add computer -

pass3

 

 

7.

 

 

 

 

 

 

 

 

 

 

7. On the edit configuration page:

a) Check the option “ Synchronize Password changes to < Unix IP address>

b) Make sure that the Encryption key is same as on the password sync properties page

c) Port number is 6677

 

 

pass4 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Changes in the Unix box ( for example Solaris is the Unix box)

  1. Download the SSOD binary from https://www.microsoft.com/en-us/download/details.aspx?id=2792 ==> Note even on this download you will only find SSOD package for only SPARC machines.
  2. Copy two files on Solaris 10
  3. Under the folder sol8sparc ==> ssod.so8 to Solaris machine as /usr/bin/ssod
  4. Under the folder bin ==> copy sso.cfg to Solaris machine as /etc/sso.conf
  5. Modify the sso.conf file 
    1. Copied the encryption key which was populated under the Unix computer properties on the Windows 2008 R2 ==> IDMU ==> Password Sync ==> Unix computer

    2. Checked the port number, this should be 6677

    3. Populated the IP address of the Windows 2008 R2 DC. Refer below:

    4. Made sure that we have a common user name on both the Windows DC and the Solaris 10 machine ( ssodtest in my case)

    5. Now changed the password of the user from AD ( keep it to 8 character) . In the events logs got the below success event (ID:4097               

        
        
        
        
        
        
                                   

 

From the Solaris box, logged in with the username (ssodtest) using the new password which I had set from Windows 2008 R2.