On 09/19/2016 09:49 AM, Martin Babinsky wrote:
On 09/17/2016 12:43 PM, lejeczek wrote:



On 15/09/16 22:37, Rob Crittenden wrote:
What do you mean control? If you don't want ipactl to manage the smb
service, look for an entry in
cn=masters,cn=ipa,cn=etc,dc=example,dc=com and delete it if you find it.

rob
all I find there is:

objectClass: nsContainer
objectClass: top
cn: masters


You must perform subtree search and search for the entry named
'cn=ADTRUST', like so:

"""
ldapsearch -Y GSSAPI -b 'cn=masters,cn=ipa,cn=etc,dc=ipa,dc=test'
'(cn=ADTRUST)'
SASL/GSSAPI authentication started
SASL username: ad...@ipa.test
SASL SSF: 56
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <cn=masters,cn=ipa,cn=etc,dc=ipa,dc=test> with scope subtree
# filter: (cn=ADTRUST)
# requesting: ALL
#

# ADTRUST, master1.ipa.test, masters, ipa, etc, ipa.test
dn: cn=ADTRUST,cn=master1.ipa.test,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=test
objectClass: ipaConfigObject
objectClass: nsContainer
objectClass: top
ipaConfigString: startOrder 60
ipaConfigString: enabledService
cn: ADTRUST

# search result
search: 4
result: 0 Success

# numResponses: 2
# numEntries: 1
"""

Then remove the "ipaConfigString: enabledService" attribute from the
entry to tell "ipactl" that it should not control this service anymore:

[root@master1 ~]# ldapmodify -Y GSSAPI
SASL/GSSAPI authentication started
SASL username: ad...@ipa.test
SASL SSF: 56
SASL data security layer installed.
dn: cn=ADTRUST,cn=master1.ipa.test,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=test
changetype: modify
delete: ipaConfigString
ipaConfigString: enabledService

modifying entry
"cn=ADTRUST,cn=master1.ipa.test,cn=masters,cn=ipa,cn=etc,dc=ipa,dc=test"

If you then do "ipactl restart" and "ipactl status", it should not
display smb.service anymore and you are free to use them as you wish.


Note that you might do the same for the 'cn=EXTID' entry which controls the winbind service.

--
Martin^3 Babinsky

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to