[Freeipa-users] Re: Syncronization on servers
All the problems are solved. Thanks for all :) On Tue, Jun 27, 2017 at 1:11 PM Ataliba Teixeira <atal...@gmail.com> wrote: > Hello Rob, > > The strange thing i have here is. The server2 has all of my servers listed > on the web interface but the server1 not have all of this servers. > > When i run the command : > > # ipa-replica-manage list -v server2.domain > server1.domain: replica > last init status: None > last init ended: 1970-01-01 00:00:00+00:00 > last update status: Error (0) Replica acquired successfully: Incremental > update succeeded > last update ended: 2017-06-27 14:57:34+00:00 > > > # ipa-replica-manage list -v server1.domain > server2.domain: replica > last init status: None > last init ended: 1970-01-01 00:00:00+00:00 > last update status: Error (0) Replica acquired successfully: Incremental > update succeeded > last update ended: 2017-06-27 14:57:41+00:00 > > > No problems with the sincronization. > > My doubt is this. Why i have differences on the two web interfaces. > Another error i have in the structure is this : > > > # ssh app01 > @@@ > @WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ > @@@ > IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! > Someone could be eavesdropping on you right now (man-in-the-middle attack)! > It is also possible that a host key has just been changed. > The fingerprint for the RSA key sent by the remote host is > f5:21:f0:0c:b7:4b:cf:c4:f2:8f:9c:8a:75:d3:55:5c. > Please contact your system administrator. > Add correct host key in /root/.ssh/known_hosts to get rid of this message. > Offending RSA key in /var/lib/sss/pubconf/known_hosts:4 > RSA host key for app01 has changed and you have requested strict checking. > Host key verification failed. > > And this server is one of the servers listed on server2 and not on the > server1 . > > Thanks for your help, > > > > On Tue, Jun 27, 2017 at 11:47 AM Rob Crittenden <rcrit...@redhat.com> > wrote: > >> Ataliba Teixeira via FreeIPA-users wrote: >> > Hello, >> > >> > reading some docs about the sync of my two servers : >> > >> > # ipa-replica-manage list >> > server1.domain: master >> > server2.domain: master >> > >> > >> > # ipa-replica-manage list-ruv >> > Directory Manager password: >> > >> > Replica Update Vectors: >> > server2.domain:389: 7 >> > server1.domain:389: 4 >> > Certificate Server Replica Update Vectors: >> > No CS-RUVs found. >> > >> > >> > My doubt is . To solve this i only need to run the command : >> > >> > ipa-replica-manage force-sync --from srv2.domain >> >> I'm not sure what problem you are trying to solve. The above doesn't >> show any issues. >> >> To see replication status you need to run ipa-replica-manage list twice >> like: >> >> ipa-replica-manage list -v server1.domain >> ipa-replica-manage list -v server2.domain >> >> This will show the agreement status from both sides. >> >> rob >> > -- > > Ataliba Teixeira via Inbox by Gmail > -- Ataliba Teixeira via Inbox by Gmail ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: Syncronization on servers
Hello Rob, The strange thing i have here is. The server2 has all of my servers listed on the web interface but the server1 not have all of this servers. When i run the command : # ipa-replica-manage list -v server2.domain server1.domain: replica last init status: None last init ended: 1970-01-01 00:00:00+00:00 last update status: Error (0) Replica acquired successfully: Incremental update succeeded last update ended: 2017-06-27 14:57:34+00:00 # ipa-replica-manage list -v server1.domain server2.domain: replica last init status: None last init ended: 1970-01-01 00:00:00+00:00 last update status: Error (0) Replica acquired successfully: Incremental update succeeded last update ended: 2017-06-27 14:57:41+00:00 No problems with the sincronization. My doubt is this. Why i have differences on the two web interfaces. Another error i have in the structure is this : # ssh app01 @@@ @WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the RSA key sent by the remote host is f5:21:f0:0c:b7:4b:cf:c4:f2:8f:9c:8a:75:d3:55:5c. Please contact your system administrator. Add correct host key in /root/.ssh/known_hosts to get rid of this message. Offending RSA key in /var/lib/sss/pubconf/known_hosts:4 RSA host key for app01 has changed and you have requested strict checking. Host key verification failed. And this server is one of the servers listed on server2 and not on the server1 . Thanks for your help, On Tue, Jun 27, 2017 at 11:47 AM Rob Crittenden <rcrit...@redhat.com> wrote: > Ataliba Teixeira via FreeIPA-users wrote: > > Hello, > > > > reading some docs about the sync of my two servers : > > > > # ipa-replica-manage list > > server1.domain: master > > server2.domain: master > > > > > > # ipa-replica-manage list-ruv > > Directory Manager password: > > > > Replica Update Vectors: > > server2.domain:389: 7 > > server1.domain:389: 4 > > Certificate Server Replica Update Vectors: > > No CS-RUVs found. > > > > > > My doubt is . To solve this i only need to run the command : > > > > ipa-replica-manage force-sync --from srv2.domain > > I'm not sure what problem you are trying to solve. The above doesn't > show any issues. > > To see replication status you need to run ipa-replica-manage list twice > like: > > ipa-replica-manage list -v server1.domain > ipa-replica-manage list -v server2.domain > > This will show the agreement status from both sides. > > rob > -- Ataliba Teixeira via Inbox by Gmail ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Syncronization on servers
Hello, reading some docs about the sync of my two servers : # ipa-replica-manage list server1.domain: master server2.domain: master # ipa-replica-manage list-ruv Directory Manager password: Replica Update Vectors: server2.domain:389: 7 server1.domain:389: 4 Certificate Server Replica Update Vectors: No CS-RUVs found. My doubt is . To solve this i only need to run the command : ipa-replica-manage force-sync --from srv2.domain ? Thanks for your atention :-) -- Ataliba Teixeira via Inbox by Gmail ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Re: Strange behavior on my structure
Another commands result : # ipa-replica-manage list-ruv Directory Manager password: Replica Update Vectors: admin18.fipa.eqx.rvtec.com.br:389: 7 admin10.fipa.eqx.rvtec.com.br:389: 4 Certificate Server Replica Update Vectors: No CS-RUVs found. I believe i have a problem with the replication of this two servers. On Fri, Jun 23, 2017 at 10:42 AM Ataliba Teixeirawrote: > Hello, > > i'm new on freeipa and i have some problems on my structure here. > > I have two servers : > > ipa-replica-manage -v list > Directory Manager password: > > server1.domain : master > server2.domain : master > > When i use the command : > > > # ipa-replica-manage -v list server2.domain > server1.domain: replica > last init status: None > last init ended: 1970-01-01 00:00:00+00:00 > last update status: Error (0) Replica acquired successfully: Incremental > update succeeded > last update ended: 2017-06-23 13:35:42+00:00 > > # ipa-replica-manage -v list server1.domain > server2.domain: replica > last init status: None > last init ended: 1970-01-01 00:00:00+00:00 > last update status: Error (0) Replica acquired successfully: Incremental > update succeeded > last update ended: 2017-06-23 13:36:42+00:00 > > There are no errors on the syncronization of this two servers. > > But i have two strange behaviors on my structure. > > 1. I have network elements ( servers ) listed on server2. domain ( web ) > and are no listed on server1.domain ( web ) > > And i many servers ( many of this are listed on server2 and not on server1 > ), i receive this erro when i try to connect via ssh using the dns name : > > # ssh app01 > @@@ > @WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ > @@@ > IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! > Someone could be eavesdropping on you right now (man-in-the-middle attack)! > It is also possible that a host key has just been changed. > The fingerprint for the RSA key sent by the remote host is > f5:21:f0:0c:b7:4b:cf:c4:f2:8f:9c:8a:75:d3:55:5c. > Please contact your system administrator. > Add correct host key in /root/.ssh/known_hosts to get rid of this message. > Offending RSA key in /var/lib/sss/pubconf/known_hosts:4 > RSA host key for app01 has changed and you have requested strict checking. > Host key verification failed. > > Anyone knows how to sync this two servers ? And about the ssh, how to > solve this ? > > Thanks, > > > -- > > Ataliba Teixeira via Inbox by Gmail > -- Ataliba Teixeira via Inbox by Gmail ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
[Freeipa-users] Strange behavior on my structure
Hello, i'm new on freeipa and i have some problems on my structure here. I have two servers : ipa-replica-manage -v list Directory Manager password: server1.domain : master server2.domain : master When i use the command : # ipa-replica-manage -v list server2.domain server1.domain: replica last init status: None last init ended: 1970-01-01 00:00:00+00:00 last update status: Error (0) Replica acquired successfully: Incremental update succeeded last update ended: 2017-06-23 13:35:42+00:00 # ipa-replica-manage -v list server1.domain server2.domain: replica last init status: None last init ended: 1970-01-01 00:00:00+00:00 last update status: Error (0) Replica acquired successfully: Incremental update succeeded last update ended: 2017-06-23 13:36:42+00:00 There are no errors on the syncronization of this two servers. But i have two strange behaviors on my structure. 1. I have network elements ( servers ) listed on server2. domain ( web ) and are no listed on server1.domain ( web ) And i many servers ( many of this are listed on server2 and not on server1 ), i receive this erro when i try to connect via ssh using the dns name : # ssh app01 @@@ @WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the RSA key sent by the remote host is f5:21:f0:0c:b7:4b:cf:c4:f2:8f:9c:8a:75:d3:55:5c. Please contact your system administrator. Add correct host key in /root/.ssh/known_hosts to get rid of this message. Offending RSA key in /var/lib/sss/pubconf/known_hosts:4 RSA host key for app01 has changed and you have requested strict checking. Host key verification failed. Anyone knows how to sync this two servers ? And about the ssh, how to solve this ? Thanks, -- Ataliba Teixeira via Inbox by Gmail ___ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org