Anvar Kuchkartaev via FreeIPA-users wrote:
> If you installed freeipa service or client with option --no-ntp then it won't 
> use ntp to synchronise clock.
> If you have already ipa server with ntpd installed:
> ‎

As I read it he has the reverse problem. He installed with NTP support
and now wants to remove it.

You need to remove NTP as a managed IPA service by removing the entry:


ipactl will no longer try to start the service.

Note that without good time then you may run into serious issues with
Kerberos and replication.


> Anvar Kuchkartaev 
>   Original Message  
> From: Harald Dunkel via FreeIPA-users
> Sent: lunes, 15 de enero de 2018 10:18
> To: FreeIPA users list
> Reply To: FreeIPA users list
> Cc: Harald Dunkel
> Subject: [Freeipa-users] how to avoid ntpd?
> Hi folks,
> some ipa servers in my environment are not permitted to change
> the clock. If I use "systemctl mask ntpd" to avoid the "degraded"
> returned by "systemctl status", then ipactl fails without the
> ntpd service:
> # ipactl restart
> Stopping pki-tomcatd Service
> Restarting Directory Service
> Restarting krb5kdc Service
> Restarting kadmin Service
> Restarting httpd Service
> Restarting ipa-custodia Service
> Restarting pki-tomcatd Service
> Restarting ipa-otpd Service
> Starting ntpd Service
> Failed to start ntpd Service
> Shutting down
> Hint: You can use --ignore-service-failure option for forced start in case 
> that a non-critical service failed
> Aborting ipactl
> If I unmask ntpd, then systemctl status returns "degrarded" again,
> but ipa is fine.
> The option "--ignore-service-failures" ignores *all* service
> failures. I wonder how I can tell freeipa to ignore ntpd and
> rely upon sysvinit or systemd to start it, if necessary?
> Every helpful comment is highly appreciated.
> Harri
> _______________________________________________
> FreeIPA-users mailing list --
> To unsubscribe send an email to
> _______________________________________________
> FreeIPA-users mailing list --
> To unsubscribe send an email to
FreeIPA-users mailing list --
To unsubscribe send an email to

Reply via email to