-policy at both servers must be the lowest!
-it will not create new users, only sync passwords
for linux: single sign on daemon: ssod.lnk, sso.conf, pam_sso.lnk */etc/pam.d/passwd
copy from the cdrom:\Unix\bins\* to linux:/usr/bin (/usr/local/bin) and change the name from ssod.lnk to ssod.
also copy pam_sso.lnk to /lib/security and change its name to pam_sso.so.1
copy /etc/pam.d/system-auth to /etc/pam.d/ssod
at /etc/pam.d/system-auth:
password required /lib/security/pam_cracklib.so retry=3
after this line add:
password required /lib/security/pam_sso.so.1
delete the line:
password required /lib/security/pam_deny.so
diffok=0 debug <-- will write to messages
on Windows check the advanced configuration of computer name and current computers
open sso.conf (that you copied): ENCRYPT_KEY=put the same as the computer
USE_NIS=1 <-- if you have NIS
SYNC_HOSTS=(DCname,6677,ABCDZ#efgh$12345)
ENCRYPT_KEY=ABCDZ#12345
SYNC_USERS=+mosh +kim all
#USE_SHADOW=1 (check that /etc/shadow is present)
-root -pat <-- to prevent only users root and pat
execute command: /usr/bin/ssod -v
(verify that the last line of the output is: Pam_supported 0)
on windows:
-change at account policy & password policy to 0, then restart machine
-add group PasswordPropAllow <-- add here the synchronized password users
PasswordPropDeny
-check if unix is answering: use telnet
-netstat -na |grep 6677 <-- to check if windows is listening on port 6677
-net start netlogon
check: diff system-auth passwd <-- must not have a difference
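
Added example, not part of the original notes: a shell check for the PAM edits above (pam_sso.so.1 directly after pam_cracklib.so, the password pam_deny.so line removed) and for the final "diff system-auth passwd" step. The function names, return codes and sample file are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the original notes. Checks the "password" stack of a
# PAM file for the three edits described above.
# Return codes (chosen for this example): 0 ok, 1 pam_sso.so.1 missing,
# 2 pam_sso.so.1 not directly after pam_cracklib.so, 3 pam_deny.so still there.
check_pam_stack() {
    awk '
        NF == 0 || $1 ~ /^#/  { next }      # skip blank lines and comments
        $1 != "password"      { next }      # only the password stack matters
        $3 ~ /pam_deny\.so/   { deny = 1 }
        $3 ~ /pam_sso\.so\.1/ { sso = 1; if (prev ~ /pam_cracklib\.so/) after = 1 }
        { prev = $3 }
        END {
            if (!sso)   exit 1
            if (!after) exit 2
            if (deny)   exit 3
        }' "$1"
}

# The notes' last check: system-auth and passwd must not differ.
same_stack() { cmp -s "$1" "$2"; }

# Constructed sample of an edited system-auth (the pam_unix lines are assumed).
sample_good() {
    cat <<'EOF'
auth      required    /lib/security/pam_unix.so
password  required    /lib/security/pam_cracklib.so retry=3
password  required    /lib/security/pam_sso.so.1
password  sufficient  /lib/security/pam_unix.so use_authtok shadow
EOF
}

# Check the file given as $1, or the constructed sample when run without one.
if [ "$#" -gt 0 ]; then target=$1; else target=$(mktemp); sample_good > "$target"; fi
if check_pam_stack "$target"; then
    echo "password stack OK: $target"
else
    echo "password stack check failed (rc=$?): $target"
fi
```

Run it with /etc/pam.d/system-auth as the argument after editing, then again with /etc/pam.d/passwd.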