Hello,

i'm new on freeipa and i have some problems on my structure here.

I have two servers :

ipa-replica-manage -v list
Directory Manager password:

server1.domain : master
server2.domain : master

When i use the command :


# ipa-replica-manage -v list server2.domain
server1.domain: replica
  last init status: None
  last init ended: 1970-01-01 00:00:00+00:00
  last update status: Error (0) Replica acquired successfully:
Incremental update succeeded
  last update ended: 2017-06-23 13:35:42+00:00

# ipa-replica-manage -v list server1.domain
server2.domain: replica
  last init status: None
  last init ended: 1970-01-01 00:00:00+00:00
  last update status: Error (0) Replica acquired successfully:
Incremental update succeeded
  last update ended: 2017-06-23 13:36:42+00:00

There are no errors on the syncronization of this two servers.

But i have two strange behaviors on my structure.

1. I have network elements ( servers ) listed on server2. domain ( web )
and are no listed on server1.domain ( web )

And i many servers ( many of this are listed on server2 and not on server1
), i receive this erro when i try to connect via ssh using the dns name :

# ssh app01
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
f5:21:f0:0c:b7:4b:cf:c4:f2:8f:9c:8a:75:d3:55:5c.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending RSA key in /var/lib/sss/pubconf/known_hosts:4
RSA host key for app01 has changed and you have requested strict checking.
Host key verification failed.

Anyone knows how to sync this two servers ?  And about the ssh, how to
solve this ?

Thanks,


-- 

Ataliba Teixeira via Inbox by Gmail
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to