Anvar Kuchkartaev via FreeIPA-users wrote:
> If you installed freeipa service or client with option --no-ntp then it won't 
> use ntp to synchronise clock.
> 
> If you have already ipa server with ntpd installed:
> 
> ‎https://www.redhat.com/archives/freeipa-users/2014-August/msg00197.html

As I read it he has the reverse problem. He installed with NTP support
and now wants to remove it.

You need to remove NTP as a managed IPA service by removing the entry:

cn=NTP,cn=ipa.example.com,cn=masters,cn=ipa,cn=etc,dc=example,dc=com

ipactl will no longer try to start the service.

Note that without good time then you may run into serious issues with
Kerberos and replication.

rob

> 
> Anvar Kuchkartaev 
> an...@aegisnet.eu 
>   Original Message  
> From: Harald Dunkel via FreeIPA-users
> Sent: lunes, 15 de enero de 2018 10:18
> To: FreeIPA users list
> Reply To: FreeIPA users list
> Cc: Harald Dunkel
> Subject: [Freeipa-users] how to avoid ntpd?
> 
> Hi folks,
> 
> some ipa servers in my environment are not permitted to change
> the clock. If I use "systemctl mask ntpd" to avoid the "degraded"
> returned by "systemctl status", then ipactl fails without the
> ntpd service:
> 
> # ipactl restart
> Stopping pki-tomcatd Service
> Restarting Directory Service
> Restarting krb5kdc Service
> Restarting kadmin Service
> Restarting httpd Service
> Restarting ipa-custodia Service
> Restarting pki-tomcatd Service
> Restarting ipa-otpd Service
> Starting ntpd Service
> Failed to start ntpd Service
> Shutting down
> Hint: You can use --ignore-service-failure option for forced start in case 
> that a non-critical service failed
> Aborting ipactl
> 
> If I unmask ntpd, then systemctl status returns "degrarded" again,
> but ipa is fine.
> 
> The option "--ignore-service-failures" ignores *all* service
> failures. I wonder how I can tell freeipa to ignore ntpd and
> rely upon sysvinit or systemd to start it, if necessary?
> 
> 
> Every helpful comment is highly appreciated.
> Harri
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> 
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to