Event Information | According to Microsoft :
Cause :
This event is logged when generic error for user on the specified host.
Resolution :
Check and correct UNIX-based Password Synchronization configuration
A generic error occurred for user username on the specified host. This error typically originates in the UNIX environment. Make sure that the user account exists on the UNIX-based computer, and that Password Synchronization has been configured in accordance with guidelines in Best Practices for Password Synchronization in the Password Synchronization Help.
If, after checking the UNIX environment, you find that the UNIX-based user account exists, make sure that Password Synchronization has been configured in accordance with guidelines in Best Practices for Password Synchronization in the Password Synchronization Help, especially the following sections that describe how UNIX-based users should be identified to the Windows-based computer running Password Synchronization.
Best Practices for Password Synchronization - Explicitly list the users whose passwords are to be synchronized To provide maximum control over which users can synchronize passwords, do not use the ALL keyword with the SYNC_USERS list in sso.conf on the UNIX host. Instead, you should explicitly list each user for whom password synchronization is allowed or blocked. On the Windows-based computer running Password Synchronization, create the PasswordPropAllow group and add the accounts of users whose passwords you want to synchronize.
- Do not synchronize passwords for disabled UNIX accounts On some versions of UNIX, changing the password of a disabled user account activates that account. Consequently, if a user has a disabled account on a UNIX computer that is configured to synchronize passwords with a Windows-based computer, the user or an administrator can activate the UNIX account by changing the user's Windows password. To prevent this, use the PasswordPropDeny group to block synchronization for disabled UNIX accounts. Also, when an administrator disables a UNIX account, the administrator should use the SYNC_USERS entry in sso.conf to block password synchronization for the account.
- Avoid synchronizing administrator passwords Do not synchronize passwords for members of the Windows Administrators groups or the passwords of UNIX superuser or root accounts.
Add a computer for synchronization
To add a computer for synchronization: - Open the Identity Management for UNIX management console by clicking Start , pointing to Administrative Tools , and then clicking Microsoft Identity Management for UNIX .
You can also open the Identity Management for UNIX management console from within Server Manager, by expanding Roles and then Active Directory Domain Services in the hierarchy pane, and then selecting Microsoft Identity Management for UNIX . - If necessary, connect to the computer you want to manage.
- In the hierarchy pane, under the Password Synchronization node, click UNIX Computers , and then do one of the following.
- Right-click UNIX Computers , and then click Add Computer .
- Click Add Computer in the Actions pane.
- On the Action menu, click Add Computer .
- In the Computer name text box of the Add Computer dialog box, provide the name or IP address of a UNIX-based computer.
- In the Direction of password synchronization area, select the direction of password synchronization for this computer.
- If necessary, specify a different encryption key than the default key, or click Generate key to have Password Synchronization generate a new key for synchronization with this computer.
- If necessary, change the port number this computer monitors for password changes. The default is 6677.
- Click OK .
Verify :
Retry Windows to UNIX password synchronization for any failed user password change attempts to verify that Password Synchronization is operating normally. Password Synchronization is operating normally when password synchronization succeeds and is operating under warning conditions if synchronization fails for some passwords but succeeds for others.
If password synchronization succeeds for some passwords but fails for others, Windows to UNIX Password Synchronization Configuration is likely fully operational, but there might be account- or computer-specific configuration problems preventing password changes from being synchronized on UNIX-based hosts. |