
problems with SSOD and Password Synchronization

 
nameless_girl
Advisor


I recently upgraded my Windows domain controllers from Server 2000 to 2003, installed and configured Identity Management for UNIX.  I have checked and double checked the encryption keys and port numbers (all same across all my servers).    However, now when my users change their Windows passwords, the changes are not getting to my HP-UX box.  Error in syslog.log is

 

ssod:[9096]: Unable to bind Port Number:  6677

 

But.... when I do a netstat -an | grep LISTEN, I see:

 

tcp        0      0  *.6677                 *.*                     LISTEN

 

which tells me the SSOD daemon is listening on port 6677.  I've tried killing and restarting SSOD, but that apparently did not help.  I also have our firewall admin checking his logs to see if any traffic is making it from the Domain Controllers to the UX system on port 6677, but as a general rule, all TCP traffic is allowed from the Windows box to the UX box.

 

Any ideas?  I'm about Google'd out at this point! :-)

Steven Schweda
Honored Contributor

Re: problems with SSOD and Password Synchronization

> I recently upgraded my Windows domain controllers from Server 2000 to
> 2003, installed and configured Identity Management for UNIX.  [...]

   Was the "Identity Management for UNIX" stuff working before the
Windows upgrade, or is this all new stuff which has never worked before?

   I know nothing, but a Google search for:
      ssod hp-ux
led to (among many other things) a Microsoft how-to document:
      http://support.microsoft.com/kb/324542
which suggests that there is a boatload of configuration options (NIS or
not, PAM or not, ...), none of which is revealed in your problem
description.  (And that's only on the HP-UX side.)

> [...] I also have our firewall admin checking his logs [...]

   And is there anything in the system log file(s) on the HP-UX
system(s)?

> [...] I have checked and double checked [...]

   It's nice that you're happy, but we non-psychics have no idea what
you did where, and so have no idea if you know what you're doing or not.
As usual showing actual commands with their actual output can be more
helpful than vague descriptions or interpretations.

nameless_girl
Advisor

Re: problems with SSOD and Password Synchronization

Yes, the password synchronization was working before the upgrade. I've followed the instructions in the article you linked to. I have verified the encryption keys are the same on both sides (windows and UX) and that all servers are configured to use the same port number (6677).

I do see this in my syslog.log file:
Nov 1 12:23:15 tflhp ssod:[2341]: Ssod killed by term signal
Nov 1 12:23:44 tflhp ssod:[16125]: Unable to bind Port Number: 6677
Nov 1 14:21:50 tflhp ssod:[9096]: Unable to bind Port Number: 6677

The "SSOD killed" is from me killing the process and restarting it.

What does the "unable to bind" error mean?

I can telnet to the HP-UX server on port 6677 and it accepts the connection. There is only one instance of port 6677 being listened to. I

running the command "lsof -i :6677" gives

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ssod 18397 root 3u IPv4 0xe0000001e6e88740 0t0 TCP *:ssod (LISTEN)






Steven Schweda
Honored Contributor

Re: problems with SSOD and Password Synchronization

> What does the "unable to bind" error mean?

   I'd guess that it means that you're trying to start a daemon which
wants to listen at port 6677 when there's already a daemon running which
is listening at port 6677.  Again, with my weak psychic powers, I don't
know what you killed or started (and when).

 

   And, as before, all I know about the details of your configuration is
that you like them (which knowledge has minimal diagnostic utility).
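
An added example, not part of any post in this thread: a Python sketch of the situation described above, where a second process tries to bind a TCP port that a running listener already holds. It fails with EADDRINUSE while the original listener keeps accepting connections, which is consistent with seeing both a bind error in the log and a LISTEN entry in netstat. The function names are hypothetical, and the demo uses an ephemeral loopback port rather than 6677.

```python
import errno
import socket

def bind_errno(port, host="127.0.0.1"):
    """Try to bind a TCP socket as a starting daemon would; return 0 or the errno."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
        return 0
    except OSError as e:
        return e.errno
    finally:
        s.close()

def accepts_connections(port, host="127.0.0.1", timeout=2.0):
    """True if something completes a TCP handshake on the port (like the telnet test)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(port, host="127.0.0.1"):
    """Classify the port by combining the bind attempt with the connect test."""
    err = bind_errno(port, host)
    listening = accepts_connections(port, host)
    if err == 0 and not listening:
        return "free"
    if err == errno.EADDRINUSE and listening:
        return "held-by-running-listener"   # a second start would log a bind error
    if err == errno.EADDRINUSE:
        return "held-but-not-accepting"
    if err == errno.EACCES:
        return "permission-denied"          # e.g. privileged port without root
    return "other:" + errno.errorcode.get(err, str(err))

def demo():
    """Constructed scenario: one listener is up, then a second bind is attempted."""
    first = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    first.bind(("127.0.0.1", 0))            # ephemeral port stands in for 6677
    first.listen(5)
    port = first.getsockname()[1]
    try:
        while_running = diagnose(port)
    finally:
        first.close()                       # stop the first instance
    return while_running, diagnose(port)

if __name__ == "__main__":
    print(demo())
```

Comparing the PID in the bind-error log line with the PID that lsof reports as the listener shows which process is the already-running instance and which one failed to start.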

bill_k_lopez
Occasional Visitor

Re: problems with SSOD and Password Synchronization

Wow Steven - you sound like a real **bleep**.