4.7. Installing the Password Sync Service

Windows Synchronization is mostly handled by the Directory Server alone, but synchronizing passwords requires a special "hook" that catches password changes and sends them over a secure connection between the Directory Server and Active Directory sync peers.

Important

In order to synchronize Windows passwords, you must install Password Sync on every domain controller in the Active Directory domain.

The following steps describe how to install the Password Sync Service:
  1. Click Downloads at the top of the page.
  2. Select Red Hat Directory Server from the product list.
  3. Select your Directory Server Version. After this, a link to download the PassSync Installer is available. This is the Password Sync MSI file. Save the file to the Active Directory machine.
  4. Double-click the Password Sync MSI file to install it.
  5. The Password Sync Setup window appears. Hit Next to begin installing.
  6. Fill in the Directory Server host name (or IPv4 or IPv6 address), secure port number, user name (such as cn=sync user,cn=config), the certificate token (password), and the search base (for example, ou=People,dc=example,dc=com).
    Hit Next, then Finish to install Password Sync.
  7. Reboot the Windows machine to start Password Sync.

    Note

    The Windows machine must be rebooted. Without a reboot, PasswordHook.dll is not enabled, and password synchronization will not function.
  8. Configure the Password Sync service. For details, see the Configuring the Password Sync Service section in the Red Hat Directory Server Administration Guide.

The first attempt to synchronize passwords, which happens when the Password Sync application is installed, will always fail because the TLS connection between the Directory Server and Active Directory sync peers is not yet configured. The tools to create the certificate and key databases are installed with the .msi file.

Password Sync and many of its libraries are installed in C:\Program Files\Red Hat Directory Password Synchronization. Some of the files installed with Password Sync are listed in Table 4.1, “Installed Password Sync Libraries”.

Table 4.1. Installed Password Sync Libraries

| Directory | Library | Directory | Library |
|---|---|---|---|
| C:\WINDOWS\system32 | passhook.dll | C:\WINDOWS\system32 | libnspr4.dll |
| C:\WINDOWS\system32 | nss3.dll | C:\WINDOWS\system32 | sqlite3.dll |
| C:\WINDOWS\system32 | softokn3.dll | C:\WINDOWS\system32 | nssdbm3.dll |
| C:\WINDOWS\system32 | nssutil3.dll | | |
| C:\WINDOWS\system32 | smime3.dll | C:\WINDOWS\system32 | freebl3.dll |
| C:\Program Files\Red Hat Directory Password Synchronization | nsldap32v60.dll | C:\Program Files\Red Hat Directory Password Synchronization | certutil.exe |
| C:\Program Files\Red Hat Directory Password Synchronization | nsldappr32v60.dll | C:\Program Files\Red Hat Directory Password Synchronization | nsldapssl32v60.dll |
| C:\WINDOWS\system32 | ssl3.dll | C:\WINDOWS\system32 | libplc4.dll |
| C:\Program Files\Red Hat Directory Password Synchronization | nssckbi.dll | C:\Program Files\Red Hat Directory Password Synchronization | nsldif32v60.dll |
| C:\Program Files\Red Hat Directory Password Synchronization | passsync.log[a] | C:\Program Files\Red Hat Directory Password Synchronization | passsync.exe |
| C:\WINDOWS\system32 | libplds4.dll | | |

[a] This log file is not an installed library, but it is created at installation.
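
The following PowerShell check is an added example, not part of the Red Hat documentation or the Password Sync installer. It verifies on a domain controller that the files from Table 4.1 are present, that a password hook is registered with LSA, and that the machine has been rebooted since the hook DLL was installed. The registered name `passhook`, the use of the DLL creation time as the install time, and the availability of the ActiveDirectory module and PowerShell remoting are assumptions.

```powershell
# Added example. Directories and file names are taken from Table 4.1.
# Run from a 64-bit PowerShell session so that system32 is not redirected.
$check = {
    $sys32   = 'C:\WINDOWS\system32'
    $passDir = 'C:\Program Files\Red Hat Directory Password Synchronization'

    $files  = 'passhook.dll','libnspr4.dll','nss3.dll','sqlite3.dll','softokn3.dll',
              'nssdbm3.dll','nssutil3.dll','smime3.dll','freebl3.dll','ssl3.dll',
              'libplc4.dll','libplds4.dll' | ForEach-Object { Join-Path $sys32 $_ }
    $files += 'nsldap32v60.dll','nsldappr32v60.dll','nsldapssl32v60.dll','nsldif32v60.dll',
              'nssckbi.dll','certutil.exe','passsync.exe','passsync.log' |
              ForEach-Object { Join-Path $passDir $_ }

    $missing = @($files | Where-Object { -not (Test-Path -LiteralPath $_) })

    # LSA loads the password-change hooks listed in this value at boot.
    # Assumption: the installer registers the hook under the name 'passhook'.
    $lsaKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $packages = @((Get-ItemProperty -Path $lsaKey).'Notification Packages')

    # Assumption: the DLL's creation time approximates the install time, so a
    # boot time later than it means the required reboot has happened.
    $hook = Get-Item -LiteralPath (Join-Path $sys32 'passhook.dll') -ErrorAction SilentlyContinue
    $boot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime

    [pscustomobject]@{
        Computer             = $env:COMPUTERNAME
        MissingFiles         = $missing -join ', '
        HookRegistered       = $packages -contains 'passhook'
        NotificationPackages = $packages -join ', '
        RebootedSinceInstall = [bool]($hook -and $boot -gt $hook.CreationTime)
    }
}

# Run locally on one domain controller:
& $check

# Or on every domain controller (assumes the ActiveDirectory module and
# PowerShell remoting are available):
# $dcs = (Get-ADDomainController -Filter *).HostName
# Invoke-Command -ComputerName $dcs -ScriptBlock $check
```

Any entry in NotificationPackages that you do not recognize deserves review, because every DLL listed there receives cleartext password changes.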