Install the Password Synchronization daemon on UNIX-based computers

Applies To: Windows Server 2008 R2, Windows Server 2012

The Password Synchronization daemon must be installed on computers running a UNIX-based operating system to enable Password Synchronization to change users' passwords on those computers.

Supported UNIX-based operating systems

Password Synchronization supports synchronization with UNIX computers running any of the following operating systems:

  • Hewlett-Packard HP-UX 11i v1

  • IBM® AIX® version 5L 5.2 and 5L 5.3

  • Linux

    • Novell® SUSE® Linux Enterprise Server 10

    • Red Hat® Enterprise Linux® 4 server

  • Sun℠ Microsystems Solaris™ 10, Scalable Processor Architecture (SPARC)-compatible versions only

To install the Password Synchronization daemon

Important

The sso.conf file contains encryption keys and other sensitive information. For this reason, it must be accessible only by system administrators.

Perform the following steps to install the Password Synchronization daemon on UNIX-based computers.

To install the Password Synchronization daemon

  1. Download the file ssod.tar.gz from the Web site UNIX Side Components for Identity Management for UNIX (https://go.microsoft.com/fwlink/?LinkId=59120). Save the file to /usr/bin or /usr/local/bin on the UNIX computer, and change its name to ssod. The name of the source binary file depends on the version of UNIX you are using.

    • If the computer is running Hewlett-Packard HP-UX, the source binary file name is ssod.hpx.

    • If the computer is running Novell SUSE Linux Enterprise Server, the source binary file name is ssod.sus.

    • If the computer is running Red Hat Enterprise Linux, the source binary file name is ssod.rhl.

    • If the computer is running Sun Microsystems Solaris, the source binary file name is ssod.sol.

    • If the computer is running IBM AIX, the source binary file name is ssod.aix.

  2. Using a binary file copying method such as File Transfer Protocol (FTP) to avoid corrupting CR/LF (carriage-return/line-feed) pairs, copy Sso.cfg from \Unix\Bins on the computer running Windows Server® 2008 R2 to /etc on the UNIX computer, and change the file name to sso.conf.

  3. Open sso.conf by using a text editor.

  4. If you have changed the default encryption key, edit the following line to specify the new default key. This value must match the default key specified on all domain controllers with which this computer will synchronize passwords:

    **ENCRYPT_KEY=**encryptionKey

  5. If you have changed the default port, edit the following line to specify the new port. This value must match the port number specified on all domain controllers with which this computer will synchronize passwords.

    **PORT_NUMBER=**portNumber

  6. Edit the following line to specify one domain controller in each Windows domain with which the computer must synchronize passwords. If you have specified a nondefault port number or encryption key for the UNIX-based computer when configuring Password Synchronization on the Windows domain controllers, specify that value where indicated; otherwise, leave the value blank:

    **SYNC_HOSTS=(**domainController [, portNumber [, encryptionKey]]) ...

    Each entry in the list must be enclosed by parentheses and separated from the next entry by a blank space.

  7. If the computer is a Network Information Service (NIS) master server, and if you want passwords to be synchronized throughout the NIS domain, edit the following line as shown to enable NIS synchronization:

    USE_NIS=1

    Also, if required, edit the following line to specify the location of the NIS makefile:

    **NIS_UPDATE_PATH=**makefilePath

  8. Set the file permissions of sso.conf to read and write for the root user only, and deny access to all other users.

  9. If the computer is running a Linux-based operating system, copy /etc/pam.d/system-auth to /etc/pam.d/ssod.
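
A post-installation check for steps 6 and 8, as an added example that is not part of the original page or of the product: it verifies that sso.conf is readable and writable by its owner only and that SYNC_HOSTS follows the parenthesized entry syntax. The function name check_sso_conf and its optional owner-UID argument are hypothetical, and the tolerance for spaces around commas is an assumption taken from the syntax line above.

```shell
#!/bin/sh
# Added example (not from the original page): audit sso.conf after installation.
# check_sso_conf FILE [OWNER_UID] -> prints findings; returns 0 if clean, 1 if not.
# OWNER_UID (hypothetical parameter) defaults to 0, i.e. root.
check_sso_conf() {
    conf=$1; want_uid=${2:-0}; rc=0
    [ -f "$conf" ] || { echo "FAIL: $conf not found"; return 1; }

    # POSIX ls -ln: field 1 is the mode string, field 3 the numeric owner.
    # -L follows a symlink so the real file's permissions are judged.
    set -- $(ls -lnL "$conf")
    mode=$(printf '%.10s' "$1")   # drop a trailing ACL/SELinux marker (+ or .)
    owner=$3

    # Step 8: read and write for the owner only, nothing for group or other.
    if [ "$mode" != "-rw-------" ]; then
        echo "FAIL: mode is $mode, expected -rw------- (chmod 600 $conf)"; rc=1
    fi
    if [ "$owner" != "$want_uid" ]; then
        echo "FAIL: owner uid is $owner, expected $want_uid"; rc=1
    fi

    # Step 6: each SYNC_HOSTS entry is (host[,port[,key]]); entries are
    # separated by a blank. Assumption: spaces around commas are tolerated.
    field='[^(), ]'
    entry="\\( *$field+ *(, *$field* *(, *$field* *)?)?\\)"
    hosts=$(sed -n 's/^SYNC_HOSTS=//p' "$conf")
    if [ -z "$hosts" ]; then
        echo "FAIL: no SYNC_HOSTS line"; rc=1
    elif ! printf '%s\n' "$hosts" | grep -Eq "^$entry( +$entry)* *\$"; then
        echo "FAIL: malformed SYNC_HOSTS, expected (host[,port[,key]]) ..."; rc=1
    fi

    # Key values are never echoed: this output may end up in logs or tickets.
    [ "$rc" -eq 0 ] && echo "OK: $conf"
    return "$rc"
}

# Run directly as: sh check_sso_conf.sh /etc/sso.conf
if [ $# -gt 0 ]; then check_sso_conf "$@"; fi
```

The check reports only the mode, owner and syntax status, so its output can be collected centrally without exposing the keys stored in the file.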