Operating System - OpenVMS

Password synchronization to Windows using LDAP?

 
Jim Geier_1
Regular Advisor

Password synchronization to Windows using LDAP?

The documentation for the OpenVMS LDAP SYS$ACM Authentication Agent suggests that password synchronization between OpenVMS and Windows is possible. All of the configuration information in the documentation is for synchronizing with a server running Advanced Server. We would like to synchronize passwords from our OpenVMS Alpha 8.3 servers to the Windows domain. Is this a realistic possibility now using the software and tools available? And is anyone actually doing it successfully in production?
11 REPLIES 11
Paul Nunez
Respected Contributor
Solution

Re: Password synchronization to Windows using LDAP?

Hi Jim,

Yes, it is possible. You need the acmeldap v0200 kit. Basically, you:

1. Download and install the dec-axpvms-vms83a_acmeldap-v0200--4 pcsi kit

2. Restore sys$update:acme_dev_kits.bck

3. Install DEC-AXPVMS-V83_ACMELDAP_STD-V0103--4.PCSI;1 and DEC-AXPVMS-V83_ACMELOGIN-V0101--4.PCSI;1

4. Load the Persona Extension with $ mc sysman SYS_LOADABLE ADD LDAPACME LDAPACME$EXT

5. Reboot

6. Configure the ini file (attached)

7. Run @sys$startup:acme$start

8. Confirm LDAP-STD agent is loaded - $ show server acme

9. Set ExtAuth flag on SYSUAF account
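
The steps above written out as DCL, as an added example that is not part of the original post. The directory SYS$SYSDEVICE:[ACMEKITS], the assumption that the V0200 kit was copied there, and the account name JSMITH are hypothetical; the VMS$SYSTEM_IMAGES.COM step comes from the SYSMAN documentation, not from the post.

```dcl
$! Added example; run from a privileged account. Kit names are those given in this thread.
$! Step 1: install the ACMELDAP V0200 kit (assumed already copied to the scratch directory)
$ CREATE/DIRECTORY SYS$SYSDEVICE:[ACMEKITS]
$ PRODUCT INSTALL VMS83A_ACMELDAP /SOURCE=SYS$SYSDEVICE:[ACMEKITS]
$!
$! Step 2: restore the developer kits from the save set delivered by step 1
$ BACKUP SYS$UPDATE:ACME_DEV_KITS.BCK/SAVE_SET SYS$SYSDEVICE:[ACMEKITS]*.*
$!
$! Step 3: install the LDAP agent and the ACME-enabled login images.
$! Read the V83_ACMELOGIN output: a later reply in this thread reports that
$! LOGINOUT.EXE was not replaced because the copy on the system was newer.
$ PRODUCT INSTALL V83_ACMELDAP_STD, V83_ACMELOGIN /SOURCE=SYS$SYSDEVICE:[ACMEKITS]
$!
$! Step 4: register the persona extension as a loadable system image
$ MCR SYSMAN SYS_LOADABLE ADD LDAPACME LDAPACME$EXT
$! Regenerate the system image data file (per the SYSMAN documentation, not the post)
$ @SYS$UPDATE:VMS$SYSTEM_IMAGES.COM
$!
$! Step 5: reboot, then continue with the commands below.
$! Step 6: edit the LDAP agent's .INI file (contents are site specific, not shown here)
$!
$! Step 7: start the ACME server and its agents
$ @SYS$STARTUP:ACME$START
$!
$! Step 8: confirm the LDAP agent is listed among the loaded agents
$ SHOW SERVER ACME
$!
$! Step 9: mark one SYSUAF account for external authentication
$ SET DEFAULT SYS$SYSTEM
$ MCR AUTHORIZE MODIFY JSMITH /FLAGS=EXTAUTH
```

Setting the flag on a single test account first keeps every other account on its SYSUAF password while the configuration is checked.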




Edwin Gersbach_2
Valued Contributor

Re: Password synchronization to Windows using LDAP?

Jim

Have a look at the thread http://forums12.itrc.hp.com/service/forums/questionanswer.do?admit=109447627+1206017464895+28353475&threadId=1197550
for some restrictions. Especially read the entry by M. T. Hollinger (4th entry)

Edwin
Hoff
Honored Contributor

Re: Password synchronization to Windows using LDAP?

Configuring LDAP External Authentication:

http://64.223.189.234/node/619


Jim Geier_1
Regular Advisor

Re: Password synchronization to Windows using LDAP?

Thanks for the information. On a standalone AlphaServer running OpenVMS 8.3 and patched up to Update V8, I installed the following three kits:
VMS83A_ACMELDAP V2
V83_ACMELOGIN V1.1
V83_ACMELDAP_STD V1.1

I followed the release notes. I am having a problem with the
SYSMAN SYS_LOADABLE ADD LDAPACME LDAPACME$EXT
step. I see in the file SYS$UPDATE:VMS$SYSTEM_IMAGES.IDX a line indicating "SWsystem image LDAPACME$EXT load failed", and after rebooting, I see in VMS$SYSTEM_IMAGES.DATA (in the directory sys$loadable_images) a message "%SYSINIT, system image LDAPACME$EXT load failed."

Any ideas as to how I can get the image to load and get this working? Might something in the VMS 8.3 Update V8 be incompatible with the LDAP images?
Jim Geier_1
Regular Advisor

Re: Password synchronization to Windows using LDAP?

The error messages may be something of a red herring. The problem with my LDAP-ACME implementation was a problem with the LOGINOUT.EXE image. When I did the PRODUCT INSTALL V83_ACMELOGIN, a message said that LOGINOUT.EXE would not be replaced because the version already on the system was newer than the image in the kit. This is true, but the version on the system does not have the LDAP-ACME code in it. So after realizing that this was a problem, I extracted LOGINOUT.EXE from the kit, put it in SYS$COMMON:[SYSEXE], did the INSTALL REPLACE and now I have LDAP password synchronization working.

HP OpenVMS Support knows about this problem -- it was first found on OpenVMS on Integrity. The engineering groups are working on a solution.
Bob Olewine
Frequent Advisor

Re: Password synchronization to Windows using LDAP?

I am addressing a similar problem in that we would like to explore having our Alpha talk to Active Directory and this would appear to be usable here as well. I have a standalone system upgraded to VMS V8.3 with all of the current patches applied so I have the ACME_LDAP V0200 update. Question is ... where do I find (the other two):

VMS83A_ACMELDAP V2 ----- have it
V83_ACMELOGIN V1.1 ------ need it
V83_ACMELDAP_STD V1.1 --- need it

I have a V8.3 distribution kit.

Thank you.
Ian Miller.
Honored Contributor

Re: Password synchronization to Windows using LDAP?

Unpack sys$update:acme_dev_kits.bck using backup and they are in there
____________________
Purely Personal Opinion
Bob Olewine
Frequent Advisor

Re: Password synchronization to Windows using LDAP?

Thank you!


Jim Geier_1
Regular Advisor

Re: Password synchronization to Windows using LDAP?

I had the LDAP password synchronization working, but not using SSL. Our security requires that this use SSL communication. I changed the port number in the initialization file to the port number given by our Windows Server admin. Cycled the OpenVMS system, and now password synchronization is not working.

(1) What is really involved in enabling SSL communication between the OpenVMS system and the LDAP server?

(2) It is difficult to see what is happening when the password synchronization is working. SHOW SERVICE/FULL ACME gives limited information. What is the best way to debug this problem?

(3) When one makes a change in the configuration file (LDAPACME$CONFIG-STD.INI) what is required to stop and restart the service so that the changes are activated? Can one simply restart the ACME service (SET SERVER/RESTART ACME)?