Show Table of Contents
4.7. Installing the Password Sync Service
Windows Synchronization is mostly handled by the Directory Server alone, but synchronizing passwords requires a special "hook" that catches password changes and sends them over a secure connection between the Directory Server and Active Directory sync peers.
Important
In order to synchronize Windows passwords, you must install Password Sync on every domain controller in the Active Directory domain.
The following steps describe how to install the Password Sync Service:
- Go to the Red Hat Customer Portal.
- Click Downloads at the top of the page.
- Select Red Hat Directory Server from the product list.
- Select your Directory Server Version. After this, a link to download the
PassSync Installeris available. This is the Password Sync MSI file. Save the file to the Active Directory machine. - Double-click the Pass Sync MSI file to install it.
- The Password Sync Setup window appears. Hit Next to begin installing.
- Fill in the Directory Server host name (or IPv4 or IPv6 address), secure port number, user name (such as
cn=sync user,cn=config), the certificate token (password), and the search base (for example,ou=People,dc=example,dc=com).
Hit , then to install Password Sync. - Reboot the Windows machine to start Password Sync.
Note
The Windows machine must be rebooted. Without the rebooting,PasswordHook.dllis not enabled, and password synchronization will not function. - Configure the Password Sync service. For details, see the Configuring the Password Sync Service section in the Red Hat Directory Server Administration Guide.
The first attempt to synchronize passwords, which happened when the Password Sync application is installed, will always fail because the TLS connection between the Directory Server and Active Directory sync peers. The tools to create the certificate and key databases are installed with the
.msi file.
Password Sync and many of its libraries are installed in
C:\Program Files\Red Hat Directory Password Synchronization. Some of the files installed with Password Sync are listed in Table 4.1, “Installed Password Sync Libraries”.
Table 4.1. Installed Password Sync Libraries
| Directory | Library | Directory | Library |
|---|---|---|---|
| C:\WINDOWS\system32 | passhook.dll | C:\WINDOWS\system32 | libnspr4.dll |
| C:\WINDOWS\system32 | nss3.dll | C:\WINDOWS\system32 | sqlite3.dll |
| C:\WINDOWS\system32 | softokn3.dll | C:\WINDOWS\system32 | nssdbm3.dll |
| C:\WINDOWS\system32 | nssutil3.dll | ||
| C:\WINDOWS\system32 | smime3.dll | C:\WINDOWS\system32 | freebl3.dll |
| C:\Program Files\Red Hat Directory Password Synchronization | nsldap32v60.dll | C:\Program Files\Red Hat Directory Password Synchronization | certutil.exe |
| C:\Program Files\Red Hat Directory Password Synchronization | nsldappr32v60.dll | C:\Program Files\Red Hat Directory Password Synchronization | nsldapssl32v60.dll |
| C:\WINDOWS\system32 | ssl3.dll | C:\WINDOWS\system32 | libplc4.dll |
| C:\Program Files\Red Hat Directory Password Synchronization | nssckbi.dll | C:\Program Files\Red Hat Directory Password Synchronization | nsldif32v60.dll |
| C:\Program Files\Red Hat Directory Password Synchronization | passsync.log[a] | C:\Program Files\Red Hat Directory Password Synchronization | passsync.exe |
| C:\WINDOWS\system32 | libplds4.dll | ||
[a]
This log file is not an installed library, but it is created at installation.
| |||
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.