Steps to configure Password Sync without installing NIS (Windows -> Unix)
1. Install the Password Sync component under IDMU. (To install this component, the user needs to be a member of the Schema Admins / Domain Admins and Enterprise Admins groups.)
2. Reboot the box
3. Open IDMU – Password Sync – Properties
a) Check the option “Windows to Computer that runs on Unix”
b) Port number: 6677
c) Generate a new encryption key
4. Then go to the configuration tab
a) Check the option “Enable extensive logging”
b) Check the option “Enable Windows to NIS (AD) Password Sync”
5. Expand Password Sync – right-click on Unix computer
6. Click on Add computer
7. On the edit configuration page:
a) Check the option “Synchronize Password changes to <Unix IP address>”
b) Make sure that the encryption key is the same as the one on the Password Sync properties page
c) Port number is 6677
Changes on the Unix box (Solaris is the Unix box in this example)
- Download the SSOD binary from https://www.microsoft.com/en-us/download/details.aspx?id=2792 ==> Note: even in this download you will find the SSOD package only for SPARC machines.
- Copy two files to the Solaris 10 machine
- Under the folder sol8sparc ==> copy ssod.so8 to the Solaris machine as /usr/bin/ssod
- Under the folder bin ==> copy sso.cfg to the Solaris machine as /etc/sso.conf
- Modify the sso.conf file
Copied the encryption key that was populated under the Unix computer properties on the Windows 2008 R2 box ==> IDMU ==> Password Sync ==> Unix computer
Checked the port number; this should be 6677
Populated the IP address of the Windows 2008 R2 DC.
Made sure that we have a common user name on both the Windows DC and the Solaris 10 machine (ssodtest in my case)
Now changed the password of the user from AD (keep it to 8 characters). In the event logs, got the success event (ID: 4097).
From the Solaris box, logged in with the username (ssodtest) using the new password which I had set from Windows 2008 R2.
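
A check of /etc/sso.conf against the values set in IDMU (port 6677, a non-empty encryption key, the Windows DC listed as a sync host), which also flags the file if group or other can read the clear-text key. This is an added example, not part of the original post; it assumes sso.conf uses ENCRYPT_KEY=, PORT_NUMBER= and SYNC_HOSTS= lines (confirm against the sso.cfg you copied), and the address 192.0.2.10 is a constructed sample.

```shell
#!/bin/sh
# Added example, not from the original post.
# ASSUMPTION: sso.conf holds KEY=value lines named ENCRYPT_KEY, PORT_NUMBER
# and SYNC_HOSTS=(host, port, key); confirm the names in your copy of sso.cfg.
# Usage: sh check_sso.sh /etc/sso.conf 6677 192.0.2.10   (sample DC address)

# Print the value of the last uncommented "KEY=" line in FILE.
conf_value() {
    grep "^$2=" "$1" | sed -n '$p' | cut -d= -f2-
}

# Return 0 when FILE matches the Password Sync settings, 1 otherwise.
check_sso_conf() {
    file=$1; want_port=$2; dc_ip=$3; rc=0
    if [ ! -r "$file" ]; then
        echo "FAIL: cannot read $file"; return 1
    fi

    # The encryption key is stored in clear text: only the owner may have access.
    perms=`ls -ld "$file" | cut -c5-10`
    if [ "$perms" != "------" ]; then
        echo "FAIL: $file is accessible to group/other ($perms)"; rc=1
    fi

    # Never echo the key itself, only whether one is set.
    key=`conf_value "$file" ENCRYPT_KEY`
    if [ -z "$key" ]; then
        echo "FAIL: ENCRYPT_KEY is missing or empty"; rc=1
    fi
    key=

    port=`conf_value "$file" PORT_NUMBER`
    if [ "$port" != "$want_port" ]; then
        echo "FAIL: PORT_NUMBER is '$port', expected $want_port"; rc=1
    fi

    # The Windows DC must be the first field of a SYNC_HOSTS entry.
    hosts=`conf_value "$file" SYNC_HOSTS`
    case $hosts in
        *"($dc_ip,"*|*"($dc_ip)"*) ;;
        *) echo "FAIL: SYNC_HOSTS has no entry for $dc_ip"; rc=1 ;;
    esac
    return $rc
}

if [ $# -ge 3 ]; then
    check_sso_conf "$1" "$2" "$3"
fi
```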