Installing NIS

[Michael D. Ober]

OK, I have PCNFS server working, however I really need to install NIS so AD
will manage the replication of NFS users and mappings for me. Unfortunately
I'm unable to extend the Schema. When I follow the directions at
http://www.microsoft.com/windows2000/en/advanced/help/sag_ADschemaEnableExtend.htm
the checkbox I need to select is greyed out. My test server is in a forest
by itself and NTDSUTIL shows all five FSMO roles belonging to this server.
Any ideas?

Thanks,
Mike Ober.

 

[GIbson \(msft\)]

When you install SFU NIS on a domain controller, it would automatically
extend the schema required for SFU NIS. Try installing SFU NIS on the domain
controller and see if you get any error message.

--
Regards,
Gibson
==========================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
==========================================================

 

[Michael D. Ober]

My test domain consists of a single Windows 2000 SP4 AD Domain Controller.
There are no other machines in this domain. I get an error stating that the
Schema cannot be extended. Logged in as Administrator - verified that
Administrator is in the Schema Admins group.

Mike.

 

[GIbson \(msft\)]

Try the following steps on the domain controller.
1. Copy the sfusch.exe and AmIDcAdmin.exe from the SFU 3.0 CD or SFU 3.5
setup file
in the NIS folder to the local drive.
2. Go to command prompt of the dir where you copied those two files.
3. Type sfusch.exe /x
4. Now you are able to extend the schema successfully.
5. Instal SFU NIS.
--
Regards,
Gibson
==========================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
==========================================================

 

[Michael D. Ober]

I get the following in the sfusch.log file:

----------------
Start of schema extension. Time: Mon Nov 15 14:39:09 2004
Schema Naming Context
'CN=Schema,CN=Configuration,DC=watest,DC=org'

FSMO Role Owner

'CN=TEST-SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configurat
ion,DC=watest,DC=org'

DNS Hostname of FSMO
'test-server.watest.org'

====================================
SFU Schema Extension did not complete.
====================================
End of schema extension. Time: Mon Nov 15 14:39:10 2004

 

[GIbson \(msft\)]

Using the AdsiEdit tool,
1. Check on the DC whether
"CN=YPSERV,CN=RpcServices,CN=System,DC=domainname,DC=com" exists or not.
This is the configuration container of NIS.

2. If this container exists please check if "schemaVersion" attribute exists
for this container and what is its value.

If the value of "schemaVersion" is null you will receive this error. Set
this value to 2. Reboot the machine and try to run sfusch.exe /x as per the
steps in the previous mail.
--
Regards,
Gibson

==========================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
==========================================================

 

[Michael D. Ober]

This DC doesn't exist. Although I assume this should be a first or second
level object, I went ahead and checked the full tree and didn't find it.

Mike.

 

[Michael D. Ober]

Solved.

I unplugged the system from the network. All of a sudden, IE started and
attempted to download a control. Knowing this wasn't possible on a system
that is physically unplugged from the network, I started poking around the
registry's run keys and discovered "winole.exe". I manually removed this
beast, killed the process in task manager, and deleted the winole.exe file
from c:\winnt\system32 and rebooted. I then plugged the system back into
the LAN and was able to modify the schema operations master to all schema
modifications on this system. I cleared the "allow schema changes on this
system" checkbox and rebooted. Then I set the checkbox and tried to install
NIS again. It worked.

Note that when I built this server, I immediately installed IE6 SP1 from our
primary production DC, rebooted, then installed SP4 from our primary
production DC, then ran multiple passes against the windows update site to
bring this system up to date on all patches. That damn virus was fast.

By the way, it currently takes 3 passes against Windows Update after IE6 SP1
and W2K SP4 are installed to get all the security patches. In my book, this
is 2 passes too many.

Thanks for all the help.

Mike.

 

[Charlie Russel - MVP]

FWIW, the average time to infection of an unprotected system is <20' now.
That's faster than I can build a system most days.

I now only build systems that are either done entirely offline, with patches
applied via CD, or that are behind a solid and known firewall.


--
Please, all replies to the newsgroup.
======================
Charlie Russel - MVP
NFS Authentication issues? See:
http://www.microsoft.com/technet/itsolutions/interop/sfu/nfsauth.mspx
RSH Problems? See:
http://www.microsoft.com/technet/itsolutions/interop/sfu/sfu35rsh.mspx

 

[acezen]

Hi,

I have a problem installing the SFU 3.5 to my test domain (Melb-VM-AD1) controller running on Windows Server 2003. My test domain consists of four Windows 2003 SP2 AD Domain Controllers in forest. Currently my test domain is isolated from the network.

I get the following in the sfusch.log file:

----------------
Start of schema extension. Time: Wed Aug 20 14:39:09 2008
Schema Naming Context
'CN=Schema,CN=Configuration,DC=object,DC=com,DC=au'

FSMO Role Owner

'CN=MASTER-AD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configurat
ion,DC=OBJECT,DC=COM,DC=AU'

DNS Hostname of FSMO
'master-ad.object.com.au'

====================================
SFU Schema Extension did not complete.
====================================
End of schema extension. Time: Wed 20 14:39:10 2008
---------------------------------

Any ideas?

Regards,
Kwang Whee