Using Password Synchronization, you can provide one-way (Windows-to-UNIX) and two-way password synchronization between Windows domains and Network Information Service (NIS) domains. You can do this regardless of whether the master server of the NIS domain is running on UNIX or on Windows (Server for NIS).
If the NIS master server is running UNIX, all that is required to provide one-way synchronization is to install Password Synchronization on all Windows computers (such as the domain controllers) from which you want to synchronize passwords, and then install the single sign-on daemon (SSOD) on the NIS master server. You then edit the sso.conf file on the NIS master server to do the following:
This instructs the SSOD to run the makefile and push the changed maps whenever a password change request is received from the Windows domain. For more information and additional instructions, see "To install the Password Synchronization daemon."
If Server for NIS is acting as the master server for the NIS domain, no action is required to provide one-way password synchronization because whenever a Windows user's password is changed, Server for NIS automatically updates the UNIX password for NIS clients. If you also need to synchronize passwords with UNIX computers that are not part of the NIS domain, you can install Password Synchronization on the Windows domain controllers and configure the UNIX computers as described earlier in this topic.
Providing UNIX-to-Windows synchronization is similar for both types of NIS domains, and is accomplished by performing the following operations:
passwd: files [NOTFOUND=continue] nis
shadow: files [NOTFOUND=continue] nis
After you do this, when a user runs the yppasswd command to change the user's password, it is actually the passwd binary file that is run to change the password. If the user's passwd entry is not found in the local passwd and shadow files, the NIS password is changed instead.
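The following added example (not part of the original documentation) audits an nsswitch.conf-format file for the passwd and shadow entries shown above and predicts whether a password change for a given account reaches the local files or falls through to NIS. The function names and sample files are hypothetical and constructed for illustration; it assumes a POSIX shell with awk, and for brevity checks only the local passwd file, not shadow.

```shell
#!/bin/sh
# Added example: function names and sample data are illustrative assumptions.

# Print the normalized (lowercased, single-spaced) source list for a database.
nss_sources() {   # $1 = database name, $2 = nsswitch.conf-format file
    awk -v db="$1:" '
        { sub(/#.*/, "") }                       # strip comments
        $1 == db {
            out = ""
            for (i = 2; i <= NF; i++) out = out (i > 2 ? " " : "") $i
            print tolower(out); exit
        }' "$2"
}

# Return 0 only if passwd and shadow both read "files [NOTFOUND=continue] nis".
check_nsswitch() {   # $1 = nsswitch.conf-format file
    rc=0
    for db in passwd shadow; do
        got=$(nss_sources "$db" "$1")
        if [ "$got" != "files [notfound=continue] nis" ]; then
            echo "$db: expected 'files [NOTFOUND=continue] nis', found '${got:-<missing>}'" >&2
            rc=1
        fi
    done
    return $rc
}

# Predict where a password change lands: "files" when the account has a local
# passwd entry, otherwise "nis" (the fall-through the text describes).
password_target() {   # $1 = user name, $2 = local passwd file
    if awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "$2"; then
        echo files
    else
        echo nis
    fi
}

# Constructed sample input (not taken from a real host).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf 'passwd: files [NOTFOUND=continue] nis\nshadow: files [NOTFOUND=continue] nis\n' > "$tmp/good"
printf 'passwd: nis files\nshadow: files\n' > "$tmp/bad"
printf 'root:x:0:0::/root:/bin/sh\nlocaluser:x:1001:1001::/home/localuser:/bin/sh\n' > "$tmp/passwd"

check_nsswitch "$tmp/good" && echo "good: entries match"
check_nsswitch "$tmp/bad"  || echo "bad: entries need correcting"
echo "localuser -> $(password_target localuser "$tmp/passwd")"
echo "nisuser   -> $(password_target nisuser "$tmp/passwd")"
```

On a real host, point check_nsswitch at /etc/nsswitch.conf and password_target at /etc/passwd to see which accounts would have only their local password changed rather than the NIS one.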