On 19/09/16 08:49, Martin Babinsky wrote:
On 09/17/2016 12:43 PM, lejeczek wrote:
On 15/09/16 22:37, Rob Crittenden wrote:
What do you mean control? If you don't want ipactl to
manage the smb
service, look for an entry in
cn=masters,cn=ipa,cn=etc,dc=example,dc=com and delete it
if you find it.
rob
all I find there is:
objectClass: nsContainer
objectClass: top
cn: masters
does the same pertain winbind? Does IPA need/use winbind if
Samba under IPA is not the case?
You must perform subtree search and search for the entry
named 'cn=ADTRUST', like so:
"""
ldapsearch -Y GSSAPI -b
'cn=masters,cn=ipa,cn=etc,dc=ipa,dc=test' '(cn=ADTRUST)'
SASL/GSSAPI authentication started
SASL username: ad...@ipa.test
SASL SSF: 56
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <cn=masters,cn=ipa,cn=etc,dc=ipa,dc=test> with
scope subtree
# filter: (cn=ADTRUST)
# requesting: ALL
#
# ADTRUST, master1.ipa.test, masters, ipa, etc, ipa.test
dn:
cn=ADTRUST,cn=master1.ipa.test,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=test
objectClass: ipaConfigObject
objectClass: nsContainer
objectClass: top
ipaConfigString: startOrder 60
ipaConfigString: enabledService
cn: ADTRUST
# search result
search: 4
result: 0 Success
# numResponses: 2
# numEntries: 1
"""
Then remove the "ipaConfigString: enabledService"
attribute from the entry to tell "ipactl" that it should
not control this service anymore:
[root@master1 ~]# ldapmodify -Y GSSAPI
SASL/GSSAPI authentication started
SASL username: ad...@ipa.test
SASL SSF: 56
SASL data security layer installed.
dn:
cn=ADTRUST,cn=master1.ipa.test,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=test
changetype: modify
delete: ipaConfigString
ipaConfigString: enabledService
modifying entry
"cn=ADTRUST,cn=master1.ipa.test,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=test"
If you then do "ipactl restart" and "ipactl status", it
should not display smb.service anymore and you are free to
use them as you wish.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project