Files_to_be_attached_to_bug_report#
Server instalation failed#
Please be aware that some logs may contain sensitive information and should be sanitized or transported over a secure channel.
ipa-server-install#
Generic failure#
date -R
/var/log/ipaserver-install.log
ausearch -m AVC > avc.log
Directory server failed#
date -R
/var/log/ipaserver-install.log
ausearch -m AVC > avc.log
/var/log/dirsrv/slapd-*/errors
/var/log/dirsrv/slapd-*/access
journalctl -xe
Dogtag CA failed#
date -R
/var/log/ipaserver-install.log
ausearch -m AVC > avc.log
journalctl -u pki-tomcatd@pki-tomcat.service
/var/log/pki/pki-tomcat/ca/debug
/var/log/pki/pki-ca-spawn.``\ ``.log
Dogtag KRA failed#
date -R
/var/log/ipaserver-install.log
ausearch -m AVC > avc.log
journalctl -u pki-tomcatd@pki-tomcat.service
/var/log/pki/pki-tomcat/kra/debug
/var/log/pki/pki-kra-spawn.``\ ``.log
Kerberos (KDC, kadmin) failed#
date -R
/var/log/ipaserver-install.log
ausearch -m AVC > avc.log
/var/log/kadmind.log
/var/log/krb5kdc.log
Apache (httpd) failed#
date -R
/var/log/ipaserver-install.log
ausearch -m AVC > avc.log
journalctl -u httpd
/var/log/httpd/error_log
Custodia failed#
date -R
/var/log/ipaserver-install.log
ausearch -m AVC > avc.log
journalctl -u ipa-custodia
less /var/log/ipa-custodia.audit.log # from both master and replica
DNS part failed#
date -R
/var/log/ipaserver-install.log
ausearch -m AVC > avc.log
journalctl -u named-pkcs11
journalctl -u ipa-dnskeysyncd
AD Trust installation failed#
date -R
/var/log/ipaserver-install.log
ausearch -m AVC > avc.log
/var/log/httpd/error_log
/var/log/dirsrv/slapd-*/errors
/var/log/dirsrv/slapd-*/access
journalctl -u smb
journalctl -u winbind
Installation of updates failed#
date -R
/var/log/ipaserver-install.log
ausearch -m AVC > avc.log
/var/log/dirsrv/slapd-*/errors
Client part failed#
date -R
/var/log/ipaserver-install.log
ausearch -m AVC > avc.log
/var/log/ipaclient-install.log
/var/log/httpd/error_log
ipa-replica-install#
Generic failure#
date -R
/var/log/ipareplica-install.log
ausearch -m AVC > avc.log
In case of failure of any specific component follow list of services from installation section and provide those logs too.
Connection check failed#
Please make sure that firewall and network are correctly set (servers can see each other) before you report issue against replica connection check.
From both master and replica
date -R
/var/log/ipareplica-conncheck.log
ipa-dns-install#
ipa-ca-install#
date -R
/var/log/ipareplica-ca-install.log
And see ipa-server-install CA part.
ipa-kra-install#
date -R
/var/log/ipaserver-kra-install.log
And see ipa-server-install KRA part.
ipa-adtrust-install#
I HAVE NO IDEA#
Then provide everything you can ;-)
date -R
/var/log/ipa*.log
ausearch -m AVC > avc.log
/var/log/dirsrv/slapd-*/errors
/var/log/dirsrv/slapd-*/access
journalctl -xe
journalctl -u named-pkcs11
journalctl -u ipa-dnskeysyncd
journalctl -u httpd
journalctl -u pki-tomcatd@pki-tomcat.service
/var/log/pki/pki-tomcat/ca/debug
/var/log/pki/pki-ca-spawn.``\ ``.log
/var/log/pki/pki-tomcat/kra/debug
/var/log/pki/pki-kra-spawn.``\ ``.log
/var/log/httpd/error_log
/var/log/kadmind.log
/var/log/krb5kdc.log
Client installation failed#
date -R
/var/log/ipaclient-install.log
ausearch -m AVC > avc.log
Upgrade failed#
date -R
/var/log/ipaupgrade.log
ausearch -m AVC > avc.log
/var/log/dirsrv/slapd-*/errors
In case of upgrade failure of any specific components follow list of services from installation section and provide those logs too.
FreeIPA CLI failed#
Internal server error#
Please execute steps on the server which is returning an internal error.
Prologue:
set debug=true in /etc/ipa/default.conf``
apachectl graceful
Run broken command:
``ipa ``
Provide logs from the server:
date -R
/var/log/httpd/error_log
/var/log/dirsrv/slapd-*/access
/var/log/dirsrv/slapd-*/errors
Epilogue:
remove debug=true from /etc/ipa/default.conf``
apachectl graceful
FreeIPA WebUI failed#
Login failed#
Please execute steps on the server with FreeIPA server installed.
Prologue:
change LogLevel to info in /etc/httpd/conf.d/nss.conf``
apachectl graceful
Try to log in again.
Provide logs from the server:
date -R
/var/log/httpd/error_log
/var/log/httpd/access_log
/var/log/krb5kdc.log
Epilogue:
set back LogLevel to warn in /etc/httpd/conf.d/nss.conf``
apachectl graceful
Other failures#
Usually seen as 50x HTTP error in WebUI.
date -R
/var/log/httpd/error_log
/var/log/httpd/access_log
journalctl -u httpd
Internal server error#
Please follow FreeIPA CLI failed: Internal server error and execute action in WebUI instead of running an ipa .