Install Password Synchronization on the appropriate Windows
computers. If the passwords of local accounts on a server are to be
synchronized, install Password Synchronization on the server. If
Windows NT domain passwords are to be synchronized, install
Password Synchronization on the primary domain controller of the
domain. If Windows 2000 domain passwords are to be
synchronized, install Password Synchronization on all domain
controllers.
Change other settings, as needed. Be sure to select the
Synchronize password changes from computers that run UNIX to
computers that run Windows check box.
Add the Network Information Service (NIS) master server to the
list of computers with which the Windows computer will synchronize
passwords. Select the NIS master server in the list, click
Configure, select both the Synchronize password changes
to and Synchronize password changes from check boxes,
and then click OK.
Add UNIX computers with which passwords will be synchronized.
For each computer, select the computer in the list, click
Configure, clear the Synchronize password changes to
check box, select the Synchronize password changes from
check box, and then click OK. If you want to use nondefault
values, specify values for the port number, encryption key, or
both.
Ensure that the Password Synchronization configurations on all
domain controllers in the domain are identical.
Configuring UNIX systems
Step
Reference
Install and configure the Password Synchronization single
sign-on daemon (SSOD) on the NIS master server. Be sure to change
the default encryption key in the sso.conf file to match the
Password Synchronization encryption key set in previous steps
before copying it to the server, and edit it to specify the
following:
USE_NIS=1
NIS_UPDATE_PATH=Makefile_path, where
Makefile_path is the path and name of the NIS makefile, such
as /var/yp/Makefile
Install and configure the Password Synchronization pluggable
authentication module (PAM) on all UNIX computers from which
password changes are to be synchronized with Windows passwords.
Typically, this would be any computer on which users would run
yppasswd and any standalone computers (computers that do not
belong to the domain).
Copy the sso.conf file from the NIS master server to the /etc
directory of each computer on which the Password Synchronization
PAM module is installed.
On each NIS client on which you installed the Password
Synchronization PAM module, replace the yppasswd binary file with a
link to the passwd binary file, and then edit the
/etc/nsswitch.conf file to change the passwd and shadow lines, as
shown: