Re: [Freeipa-users] how to revert ipa-adtrust-install...

Wed, 02 Nov 2016 15:05:16 -0700 


On 19/09/16 08:49, Martin Babinsky wrote:

On 09/17/2016 12:43 PM, lejeczek wrote:



On 15/09/16 22:37, Rob Crittenden wrote:

What do you mean control? If you don't want ipactl to 
manage the smb

service, look for an entry in

cn=masters,cn=ipa,cn=etc,dc=example,dc=com and delete it 
if you find it.


rob

all I find there is:

objectClass: nsContainer
objectClass: top
cn: masters






does the same pertain winbind? Does IPA need/use winbind if 
Samba under IPA is not the case?



You must perform subtree search and search for the entry 
named 'cn=ADTRUST', like so:


"""

ldapsearch -Y GSSAPI -b 
'cn=masters,cn=ipa,cn=etc,dc=ipa,dc=test' '(cn=ADTRUST)'

SASL/GSSAPI authentication started
SASL username: ad...@ipa.test
SASL SSF: 56
SASL data security layer installed.
# extended LDIF
#
# LDAPv3

# base <cn=masters,cn=ipa,cn=etc,dc=ipa,dc=test> with 
scope subtree

# filter: (cn=ADTRUST)
# requesting: ALL
#

# ADTRUST, master1.ipa.test, masters, ipa, etc, ipa.test

dn: 
cn=ADTRUST,cn=master1.ipa.test,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=test 


objectClass: ipaConfigObject
objectClass: nsContainer
objectClass: top
ipaConfigString: startOrder 60
ipaConfigString: enabledService
cn: ADTRUST

# search result
search: 4
result: 0 Success

# numResponses: 2
# numEntries: 1
"""


Then remove the "ipaConfigString: enabledService" 
attribute from the entry to tell "ipactl" that it should 
not control this service anymore:


[root@master1 ~]# ldapmodify -Y GSSAPI
SASL/GSSAPI authentication started
SASL username: ad...@ipa.test
SASL SSF: 56
SASL data security layer installed.

dn: 
cn=ADTRUST,cn=master1.ipa.test,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=test 


changetype: modify
delete: ipaConfigString
ipaConfigString: enabledService


modifying entry 
"cn=ADTRUST,cn=master1.ipa.test,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=test" 




If you then do "ipactl restart" and "ipactl status", it 
should not display smb.service anymore and you are free to 
use them as you wish.




--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project


























					Reply via email to