Event ID 8201 — Windows to UNIX Password Synchronization Service -- Run-time Issues
Applies To: Windows Server 2008 R2
Windows to UNIX Password Synchronization Service -- Run-time Issues indicates the functionality of Windows to UNIX password synchronization operations.
When Password Synchronization is configured for Windows-to-UNIX synchronization, and a password is changed on a Windows-based computer running Password Synchronization, the Password Synchronization service determines whether the user's password is to be synchronized on UNIX computers. When the Password Synchronization service is operating normally, it encrypts the password and sends it to the Password Synchronization daemon on each computer with which the Windows-based computer is configured to be synchronized. The daemon then decrypts the password and changes the password on the UNIX host.
|Product:||Windows Identity Management for UNIX|
|Message:||Password propagation failed. User does not exist on the specified host. %ruser = %1 %rhost = %2|
Make sure that the UNIX user account exists, and add it if it does not exist
Password propagation failed. The user account does not exist on the specified host. Verify that the user account exists on the UNIX-based computer, and that Password Synchronization has been configured in accordance with guidelines in Best Practices for Password Synchronization in the Password Synchronization Help, especially the following section.
Best Practices for Password Synchronization
- Explicitly list the users whose passwords are to be synchronized To provide maximum control over which users can synchronize passwords, do not use the ALL keyword with the SYNC_USERS list in sso.conf on the UNIX host. Instead, you should explicitly list each user for whom password synchronization is allowed or blocked. On the Windows-based computer running Password Synchronization, create the PasswordPropAllow group and add the accounts of users whose passwords you want to synchronize.
Add a computer for synchronization
To add a computer for synchronization:
Open the Identity Management for UNIX management console by clicking Start, pointing to Administrative Tools, and then clicking Microsoft Identity Management for UNIX.
You can also open the Identity Management for UNIX management console from within Server Manager, by expanding Roles and then Active Directory Domain Services in the hierarchy pane, and then selecting Microsoft Identity Management for UNIX.
If necessary, connect to the computer you want to manage.
In the hierarchy pane, under the Password Synchronization node, click UNIX Computers, and then do one of the following.
- Right-click UNIX Computers, and then click Add Computer.
- Click Add Computer in the Actions pane.
- On the Action menu, click Add Computer.
In the Computer name text box of the Add Computer dialog box, provide the name or IP address of a UNIX-based computer.
In the Direction of password synchronization area, select the direction of password synchronization for this computer.
If necessary, specify a different encryption key than the default key, or click Generate key to have Password Synchronization generate a new key for synchronization with this computer.
If necessary, change the port number this computer monitors for password changes. The default is 6677. Click OK.
Retry Windows to UNIX password synchronization for failed user password changes to verify that it is operational. Password Synchronization is fully operational when the password synchronization succeeds, and operating under warning conditions if password synchronization fails for some passwords but succeeds for others.
If password synchronization succeeds for some passwords but fails for others, the Windows to UNIX Password Synchronization Service is likely fully operational, but there might be account- or computer-specific configuration problems preventing password changes from being synchronized on UNIX-based hosts.