Hello,

I would like to have the ipaNTHash stored in the IPA LDAP database without having to use winbind or samba. I installed ipa-server-trust-ad and did the basic setup.  In order to now start IPA I now have to add the '--ignore-service-failure’ option, meaning I have to manually (re)start it at boot. 

[root@ipa ~]# ipactl start --ignore-service-failure
Existing service file detected!
Assuming stale, cleaning and proceeding
Starting Directory Service
Starting krb5kdc Service
Starting kadmin Service
Starting named Service
Starting httpd Service
Starting ipa-custodia Service
Starting pki-tomcatd Service
Starting smb Service
Failed to start smb Service
Forced start, ignoring smb Service, continuing normal operation
Starting winbind Service
Failed to start winbind Service
Forced start, ignoring winbind Service, continuing normal operation
Starting ipa-otpd Service
Starting ipa-dnskeysyncd Service
ipa: INFO: The ipactl command was successful

Is there a way to have ipa-server-trust-ad setup and still have the service start without the winbind and/or samba dependancies?

Thanks,
Mike