On (17/01/18 15:15), Harald Dunkel via FreeIPA-users wrote:
On 01/15/2018 09:04 PM, Rob Crittenden via FreeIPA-users wrote:
>
> That's fine but it doesn't address the original problem: he doesn't want
> anything managing the clock on his system at all:
>
> "some ipa servers in my environment are not permitted to change
> the clock."
>
These are LXC containers without the appropriate capabilities to
change the clock or to access other hardware. The clock *is* in
sync, but this is out of reach for freeipa.
Then I assume time is in sync on host and you can install ipa without ntp.
So you just need to drop container and install new one without ntp
or use unsupported workaround provided by Rob.
sh# ipa-server-install --help | grep ntp
-N, --no-ntp do not configure ntp
sh# ipa-client-install --help | grep ntp
--ntp-server=NTP_SERVER
ntp server to use. This option can be used multiple
-N, --no-ntp do not configure ntp
--force-ntpd Stop and disable any time&date synchronization
services besides ntpd
LS