<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div class="moz-cite-prefix">On 14/01/2017 22:08, Fil Di Noto wrote:<br>
</div>
<blockquote
cite="mid:CAPkW28rxAkPwQOXJRJDRsim9KT31m4zerOOyjGBBhbemRDu5eQ@mail.gmail.com"
type="cite">
<div dir="ltr">Sounds more like a client problem (firewall, hosts
file, network settings/routes)</div>
</blockquote>
Unfortunally not that I have found.<br>
<blockquote
cite="mid:CAPkW28rxAkPwQOXJRJDRsim9KT31m4zerOOyjGBBhbemRDu5eQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
<div>Other clients are able to resolve against the IPA server?</div>
</div>
</blockquote>
yes.<br>
<blockquote
cite="mid:CAPkW28rxAkPwQOXJRJDRsim9KT31m4zerOOyjGBBhbemRDu5eQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div> You are seeing the response come back on a packet capture
taken from the windows server?</div>
</div>
</blockquote>
yes.<br>
<blockquote
cite="mid:CAPkW28rxAkPwQOXJRJDRsim9KT31m4zerOOyjGBBhbemRDu5eQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
<div>If yes to both of those, maybe the windows server thinks
the IPA server is not who it says it is. </div>
</div>
</blockquote>
How does windows verifies this? Note that there is no active
directory in place or domain/remote authentication from the windows
point of view. Windows is using it only as an plain DNS server.<br>
<br>
Note that there is another windows server (2008) that works fine.
This one is 2008 r2 (if it matters).<br>
<br>
<blockquote
cite="mid:CAPkW28rxAkPwQOXJRJDRsim9KT31m4zerOOyjGBBhbemRDu5eQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>Is the IPA server hostname/domain name the same as a
previous windows host? If so that is probably not good.</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Sat, Jan 14, 2017 at 12:01 PM,
Raul Dias <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:raul@dias.com.br" target="_blank">raul@dias.com.br</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p><tt><font size="+1">Hello,</font></tt></p>
<p><tt><font size="+1">I am migrating a network to
FreeIPA. LDAP, NFS, no Active Directory.</font></tt></p>
<p><tt><font size="+1">A Windows Server 2008 R2, cannot
use FreeIPAs bind to resolve DNS query. <br>
This server works fine with my old bind server,
google's dns server (8.8.8.8), but not FreeIPA's.<br>
Using wireshark, I can see the the response gets
to this host, but is simply ignored. Clocks are
in sync.<br>
</font></tt></p>
<p><tt><font size="+1">Not sure if the problem is in the
FreeIPA's side, probably not.</font></tt></p>
<p><tt><font size="+1">Any ideas?</font></tt></p>
-rsd<br>
</div>
<br>
--<br>
Manage your subscription for the Freeipa-users mailing
list:<br>
<a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
rel="noreferrer" target="_blank">https://www.redhat.com/<wbr>mailman/listinfo/freeipa-users</a><br>
Go to <a moz-do-not-send="true" href="http://freeipa.org"
rel="noreferrer" target="_blank">http://freeipa.org</a>
for more info on the project<br>
</blockquote>
</div>
<br>
</div>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Att. Raul Dias</pre>
</body>
</html>