Michael Mercier via FreeIPA-devel wrote:
I would like to have the ipaNTHash stored in the IPA LDAP database
without having to use winbind or samba. I
installed ipa-server-*trust*-ad and did the basic setup. In order to
now start IPA I now have to add the '--ignore-service-failure’ option,
meaning I have to manually (re)start it at boot.
[root@ipa ~]# ipactl start --ignore-service-failure
Existing service file detected!
Assuming stale, cleaning and proceeding
Starting Directory Service
Starting krb5kdc Service
Starting kadmin Service
Starting named Service
Starting httpd Service
Starting ipa-custodia Service
Starting pki-tomcatd Service
Starting smb Service
Failed to start smb Service
Forced start, ignoring smb Service, continuing normal operation
Starting winbind Service
Failed to start winbind Service
Forced start, ignoring winbind Service, continuing normal operation
Starting ipa-otpd Service
Starting ipa-dnskeysyncd Service
ipa: INFO: The ipactl command was successful
Is there a way to have ipa-server-trust-ad setup and still have the
service start without the winbind and/or samba dependancies?
You can try changing the ipaConfigString from enabledService to
Leave the other things in ipaConfigString and the entry alone in order
to switch back.