Microsoft KB Archive/312946

= How to Use Services for UNIX to Synchronize Passwords with a NIS Domain =

Article ID: 312946

Article Last Modified on 10/31/2006

-

APPLIES TO


 * Microsoft Windows Services for UNIX 2.0 Standard Edition
 * Microsoft Windows Services for UNIX 2.1
 * Microsoft Windows Services for Unix 2.2
 * Microsoft Windows Services for Unix 2.3
 * Microsoft Windows Services for UNIX 3.0 Standard Edition

-



This article was previously published under Q312946



SUMMARY
You can us Password Synchronization to provide one-way (Windows-to-UNIX) and two-way password synchronization between Windows-based domains and Network Information Service (NIS) domains. You can do this whether the master server of the NIS domain is running on UNIX or is running Windows (Server for NIS).



MORE INFORMATION
If the NIS master server is running UNIX, you can provide one-way synchronization by following these steps:  Install Password Synchronization on all of the Windows-based computers (such as the domain controllers) from which you want to synchronize passwords. Install the single-sign-on daemon (SSOD) on the NIS master server. Edit the sso.conf file on the NIS master server as follows:  Set USE_NIS to 1. Set NIS_UPDATE_PATH to specify the location of the NIS makefile file.

This instructs the SSOD to run the makefile file and to push the changed maps when a password-change request is received from the Windows-based domain.</ol>

If Server for NIS is acting as the master server for the NIS domain, you do not have to do anything to provide one-way password synchronization. When a Windows user changes his or her password, Server for NIS automatically updates the UNIX password for NIS clients. If you also want to synchronize passwords with UNIX computers that are not part of the NIS domain, you can install Password Synchronization on the Windows-based domain controllers and configure the UNIX computers as described earlier in this article.

Providing UNIX-to-Windows synchronization is similar for both types of NIS domains. To do this:  If the NIS master server is running UNIX, configure it for one-way synchronization as described earlier in this article.</li> Install Password Synchronization on all domain controllers. If the NIS master server is a UNIX computer, configure Password Synchronization on Windows for two-way synchronization with the master server. Add each NIS client to the list of computers that Password Synchronization synchronizes with. Make sure to turn on UNIX-to-Windows synchronization and to turn off Windows-to-UNIX synchronization. Windows-to-UNIX synchronization must be turned on only for the NIS master.</li> Install the Password Synchronization pluggable authentication module (PAM) on each NIS client, and then copy the sso.conf file from the master server to the /etc folder on those clients.</li> If the NIS master server is a Windows-based computer that runs Server for NIS, copy the Sso.cfg file to one of the NIS clients. Set SYNC_HOSTS to specify the computer that is running Server for NIS as the Windows-based computer with which to synchronize passwords, and then copy that file to the other UNIX clients.</li> Configure each UNIX computer to allow users to use the yppasswd command to change their passwords. To do this, replace the yppasswd binary file on the UNIX computer with a link to the passwd binary file, and then edit the /etc/nsswitch.conf file to replace the passwd and shadow lines with the following lines:

passwd: files [NOTFOUND=continue] nis

shadow: files [NOTFOUND=continue] nis

After you do this, when a user runs the yppasswd command to change his or her password, the passwd binary file is run to change the password. If the user's passwd entry is not found in the local passwd and shadow files, the NIS password is changed instead.</li></ol>

Additional query words: SFU sync sso.conf solar coaster solarcoaster interix

Keywords: kbinfo KB312946

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.