Re: problems with SSOD and Password Synchronization (252 Views)
Reply
Advisor
nameless_girl
Posts: 29
Registered: ‎11-11-2010
Message 1 of 5 (427 Views)

problems with SSOD and Password Synchronization

I recently upgraded my Windows domain controllers from Server 2000 to 2003, installed and configured Identity Management for UNIX.  I have checked and double checked the encryption keys and port numbers (all same across all my servers).    However, now when my users change their Windows passwords, the changes are not getting to my HP-UX box.  Error in syslog.log is 

 

ssod:[9096]: Unable to bind Port Number:  6677

 

But.... when I do a netstat -an | grep LISTEN, I see:

 

tcp        0      0  *.6677                 *.*                     LISTEN

 

which tells me the SSOD daemon is listening on port 6677.  I've tried killing and restarting SSOD, but that apparently did not help.  I also have our fireall admin checking his logs to see if any traffic is making it from the Domain Controllers to the UX system on port 6677, but as a general rule, all TCP traffic is allowed from the WIndows box to the UX box.

 

Any ideas?  I'm about Google'd out at this point! :-)

Please use plain text.
Honored Contributor
Steven Schweda
Posts: 9,084
Registered: ‎02-23-2005
Message 2 of 5 (425 Views)

Re: problems with SSOD and Password Synchronization

> I recently upgraded my Windows domain controllers from Server 2000 to
> 2003, installed and configured Identity Management for UNIX.  [...]

   Was the "Identity Management for UNIX" stuff working before the
Windows upgrade, or is this all new stuff which has never worked before?

   I know nothing, but a Google search for:
      ssod hp-ux
led to (among many other things) a Microsoft how-to document:
      http://support.microsoft.com/kb/324542
which suggests that there is a boatload of configuration options (NIS or
not, PAM or not, ...), none of which is revealed in your problem
description.  (And that's only on the HP-UX side.)

> [...] I also have our fireall admin checking his logs [...]

   And is there anything in the system log file(s) on the HP-UX
system(s)?

> [...] I have checked and double checked [...]

   It's nice that you're happy, but we non-psychics have no idea what
you did where, and so have no idea if you know what you're doing or not.
As usual showing actual commands with their actual output can be more
helpful than vague descriptions or interpretations.

Please use plain text.
Advisor
nameless_girl
Posts: 29
Registered: ‎11-11-2010
Message 3 of 5 (417 Views)

Re: problems with SSOD and Password Synchronization

Yes, the password synchronization was working before the upgrade. I've followed the instructions in the article you linked to. I have verified the encryption keys are the same on both sides (windows and UX) and that all servers are configured to use the same port number (6677).

I do see this in my syslog.log file:
Nov 1 12:23:15 tflhp ssod:[2341]: Ssod killed by term signal
Nov 1 12:23:44 tflhp ssod:[16125]: Unable to bind Port Number: 6677
Nov 1 14:21:50 tflhp ssod:[9096]: Unable to bind Port Number: 6677

The "SSOD killed" is from me killing the process and restarting it.

What does the "unable to bind" error mean?

I can telnet to the HP-UX server on port 6677 and it accepts the connection. There is only one instance of port 6677 being listened to. I

running the command "lsof -i :6677" gives

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ssod 18397 root 3u IPv4 0xe0000001e6e88740 0t0 TCP *:ssod (LISTEN)






Please use plain text.
Honored Contributor
Steven Schweda
Posts: 9,084
Registered: ‎02-23-2005
Message 4 of 5 (414 Views)

Re: problems with SSOD and Password Synchronization

> What does the "unable to bind" error mean?

   I'd guess that it means that you're trying to start a daemon which
wants to listen at port 6677 when there's already a daemon running which
is listening at port 6677.  Again, with my weak psychic powers, I don't
know what you killed or started (and when).

 

   And, as before, all I know about the details of your configuration is
that you like them (which knowledge has minimal diagnostic utility).

Please use plain text.
Occasional Visitor
bill_k_lopez
Posts: 1
Registered: ‎08-20-2012
Message 5 of 5 (252 Views)

Re: problems with SSOD and Password Synchronization

Wow Steven - you sound like a real **bleep**.

Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation