[Freeipa-users] Re: Syncronization on servers

2017-07-05 Thread Ataliba Teixeira via FreeIPA-users 
All the problems are solved.

Thanks for all :)


On Tue, Jun 27, 2017 at 1:11 PM Ataliba Teixeira <atal...@gmail.com> wrote:

> Hello Rob,
>
> The strange thing i have here is. The server2 has all of my servers listed
> on the web interface but the server1 not have all of this servers.
>
> When i run the command :
>
> # ipa-replica-manage list -v server2.domain
> server1.domain: replica
>   last init status: None
>   last init ended: 1970-01-01 00:00:00+00:00
>   last update status: Error (0) Replica acquired successfully: Incremental
> update succeeded
>   last update ended: 2017-06-27 14:57:34+00:00
>
>
> # ipa-replica-manage list -v server1.domain
> server2.domain: replica
>   last init status: None
>   last init ended: 1970-01-01 00:00:00+00:00
>   last update status: Error (0) Replica acquired successfully: Incremental
> update succeeded
>   last update ended: 2017-06-27 14:57:41+00:00
>
>
> No problems with the sincronization.
>
> My doubt is this. Why i have differences on the two web interfaces.
> Another error i have in the structure is this :
>
>
> # ssh app01
> @@@
> @WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
> @@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> It is also possible that a host key has just been changed.
> The fingerprint for the RSA key sent by the remote host is
> f5:21:f0:0c:b7:4b:cf:c4:f2:8f:9c:8a:75:d3:55:5c.
> Please contact your system administrator.
> Add correct host key in /root/.ssh/known_hosts to get rid of this message.
> Offending RSA key in /var/lib/sss/pubconf/known_hosts:4
> RSA host key for app01 has changed and you have requested strict checking.
> Host key verification failed.
>
> And this server is one of the servers listed on server2 and not on the
> server1 .
>
> Thanks for your help,
>
>
>
> On Tue, Jun 27, 2017 at 11:47 AM Rob Crittenden <rcrit...@redhat.com>
> wrote:
>
>> Ataliba Teixeira via FreeIPA-users wrote:
>> > Hello,
>> >
>> > reading some docs about the sync of my two servers :
>> >
>> > # ipa-replica-manage list
>> > server1.domain: master
>> > server2.domain: master
>> >
>> >
>> > # ipa-replica-manage list-ruv
>> > Directory Manager password:
>> >
>> > Replica Update Vectors:
>> > server2.domain:389: 7
>> > server1.domain:389: 4
>> > Certificate Server Replica Update Vectors:
>> > No CS-RUVs found.
>> >
>> >
>> > My doubt is . To solve this i only need to run the command :
>> >
>> > ipa-replica-manage force-sync --from srv2.domain
>>
>> I'm not sure what problem you are trying to solve. The above doesn't
>> show any issues.
>>
>> To see replication status you need to run ipa-replica-manage list twice
>> like:
>>
>> ipa-replica-manage list -v server1.domain
>> ipa-replica-manage list -v server2.domain
>>
>> This will show the agreement status from both sides.
>>
>> rob
>>
> --
>
> Ataliba Teixeira via Inbox by Gmail
>
-- 

Ataliba Teixeira via Inbox by Gmail
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

[Freeipa-users] Re: Syncronization on servers

2017-06-27 Thread Ataliba Teixeira via FreeIPA-users 
Hello Rob,

The strange thing i have here is. The server2 has all of my servers listed
on the web interface but the server1 not have all of this servers.

When i run the command :

# ipa-replica-manage list -v server2.domain
server1.domain: replica
  last init status: None
  last init ended: 1970-01-01 00:00:00+00:00
  last update status: Error (0) Replica acquired successfully: Incremental
update succeeded
  last update ended: 2017-06-27 14:57:34+00:00


# ipa-replica-manage list -v server1.domain
server2.domain: replica
  last init status: None
  last init ended: 1970-01-01 00:00:00+00:00
  last update status: Error (0) Replica acquired successfully: Incremental
update succeeded
  last update ended: 2017-06-27 14:57:41+00:00


No problems with the sincronization.

My doubt is this. Why i have differences on the two web interfaces. Another
error i have in the structure is this :


# ssh app01
@@@
@WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
f5:21:f0:0c:b7:4b:cf:c4:f2:8f:9c:8a:75:d3:55:5c.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending RSA key in /var/lib/sss/pubconf/known_hosts:4
RSA host key for app01 has changed and you have requested strict checking.
Host key verification failed.

And this server is one of the servers listed on server2 and not on the
server1 .

Thanks for your help,



On Tue, Jun 27, 2017 at 11:47 AM Rob Crittenden <rcrit...@redhat.com> wrote:

> Ataliba Teixeira via FreeIPA-users wrote:
> > Hello,
> >
> > reading some docs about the sync of my two servers :
> >
> > # ipa-replica-manage list
> > server1.domain: master
> > server2.domain: master
> >
> >
> > # ipa-replica-manage list-ruv
> > Directory Manager password:
> >
> > Replica Update Vectors:
> > server2.domain:389: 7
> > server1.domain:389: 4
> > Certificate Server Replica Update Vectors:
> > No CS-RUVs found.
> >
> >
> > My doubt is . To solve this i only need to run the command :
> >
> > ipa-replica-manage force-sync --from srv2.domain
>
> I'm not sure what problem you are trying to solve. The above doesn't
> show any issues.
>
> To see replication status you need to run ipa-replica-manage list twice
> like:
>
> ipa-replica-manage list -v server1.domain
> ipa-replica-manage list -v server2.domain
>
> This will show the agreement status from both sides.
>
> rob
>
-- 

Ataliba Teixeira via Inbox by Gmail
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

[Freeipa-users] Syncronization on servers

2017-06-27 Thread Ataliba Teixeira via FreeIPA-users 
Hello,

reading some docs about the sync of my two servers :

# ipa-replica-manage list
server1.domain: master
server2.domain: master


# ipa-replica-manage list-ruv
Directory Manager password:

Replica Update Vectors:
server2.domain:389: 7
server1.domain:389: 4
Certificate Server Replica Update Vectors:
No CS-RUVs found.


My doubt is . To solve this i only need to run the command :

ipa-replica-manage force-sync --from srv2.domain

?

Thanks for your atention :-)

-- 

Ataliba Teixeira via Inbox by Gmail
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

[Freeipa-users] Re: Strange behavior on my structure

2017-06-23 Thread Ataliba Teixeira via FreeIPA-users 
Another commands result :

#  ipa-replica-manage list-ruv
Directory Manager password:

Replica Update Vectors:
admin18.fipa.eqx.rvtec.com.br:389: 7
admin10.fipa.eqx.rvtec.com.br:389: 4
Certificate Server Replica Update Vectors:
No CS-RUVs found.


I believe i have a problem with the replication of this two servers.



On Fri, Jun 23, 2017 at 10:42 AM Ataliba Teixeira  wrote:

> Hello,
>
> i'm new on freeipa and i have some problems on my structure here.
>
> I have two servers :
>
> ipa-replica-manage -v list
> Directory Manager password:
>
> server1.domain : master
> server2.domain : master
>
> When i use the command :
>
>
> # ipa-replica-manage -v list server2.domain
> server1.domain: replica
>   last init status: None
>   last init ended: 1970-01-01 00:00:00+00:00
>   last update status: Error (0) Replica acquired successfully: Incremental 
> update succeeded
>   last update ended: 2017-06-23 13:35:42+00:00
>
> # ipa-replica-manage -v list server1.domain
> server2.domain: replica
>   last init status: None
>   last init ended: 1970-01-01 00:00:00+00:00
>   last update status: Error (0) Replica acquired successfully: Incremental 
> update succeeded
>   last update ended: 2017-06-23 13:36:42+00:00
>
> There are no errors on the syncronization of this two servers.
>
> But i have two strange behaviors on my structure.
>
> 1. I have network elements ( servers ) listed on server2. domain ( web )
> and are no listed on server1.domain ( web )
>
> And i many servers ( many of this are listed on server2 and not on server1
> ), i receive this erro when i try to connect via ssh using the dns name :
>
> # ssh app01
> @@@
> @WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
> @@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> It is also possible that a host key has just been changed.
> The fingerprint for the RSA key sent by the remote host is
> f5:21:f0:0c:b7:4b:cf:c4:f2:8f:9c:8a:75:d3:55:5c.
> Please contact your system administrator.
> Add correct host key in /root/.ssh/known_hosts to get rid of this message.
> Offending RSA key in /var/lib/sss/pubconf/known_hosts:4
> RSA host key for app01 has changed and you have requested strict checking.
> Host key verification failed.
>
> Anyone knows how to sync this two servers ?  And about the ssh, how to
> solve this ?
>
> Thanks,
>
>
> --
>
> Ataliba Teixeira via Inbox by Gmail
>
-- 

Ataliba Teixeira via Inbox by Gmail
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

[Freeipa-users] Strange behavior on my structure

2017-06-23 Thread Ataliba Teixeira via FreeIPA-users 
Hello,

i'm new on freeipa and i have some problems on my structure here.

I have two servers :

ipa-replica-manage -v list
Directory Manager password:

server1.domain : master
server2.domain : master

When i use the command :


# ipa-replica-manage -v list server2.domain
server1.domain: replica
  last init status: None
  last init ended: 1970-01-01 00:00:00+00:00
  last update status: Error (0) Replica acquired successfully:
Incremental update succeeded
  last update ended: 2017-06-23 13:35:42+00:00

# ipa-replica-manage -v list server1.domain
server2.domain: replica
  last init status: None
  last init ended: 1970-01-01 00:00:00+00:00
  last update status: Error (0) Replica acquired successfully:
Incremental update succeeded
  last update ended: 2017-06-23 13:36:42+00:00

There are no errors on the syncronization of this two servers.

But i have two strange behaviors on my structure.

1. I have network elements ( servers ) listed on server2. domain ( web )
and are no listed on server1.domain ( web )

And i many servers ( many of this are listed on server2 and not on server1
), i receive this erro when i try to connect via ssh using the dns name :

# ssh app01
@@@
@WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
f5:21:f0:0c:b7:4b:cf:c4:f2:8f:9c:8a:75:d3:55:5c.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending RSA key in /var/lib/sss/pubconf/known_hosts:4
RSA host key for app01 has changed and you have requested strict checking.
Host key verification failed.

Anyone knows how to sync this two servers ?  And about the ssh, how to
solve this ?

Thanks,


-- 

Ataliba Teixeira via Inbox by Gmail
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org