hi, free IPA everyone?

I wanted to ask if you maybe seen below errors. I’m trying regular:

$ ipa-client-install –principal=admin
–password=”ccnR.Biotec13#diradm” –enable-dns-updates

and it fails:
…

   Valid From:  2018-01-09 16:51:35
    Valid Until: 2038-01-09 16:51:35

Enrolled in IPA realm PRIVATE.CCNR.CEB.PRIVATE.CAM.AC.UK
Please make sure the following ports are opened in the firewall settings:
     TCP: 80, 88, 389
     UDP: 88 (at least one of TCP/UDP ports 88 has to be open)
Also note that following ports are necessary for ipa-client working properly after enrollment:
     TCP: 464
     UDP: 464, 123 (if NTP enabled)
Failed to obtain host TGT: Major (851968): Unspecified GSS
failure. Minor code may provide more information, Minor
(2529638936): Preauthentication failed Installation failed. Rolling back changes. Unconfigured automount client failed: Command
‘ipa-client-automount –uninstall –debug’ returned non-zero exit status 1
Disabling client Kerberos and LDAP configurations Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted Client uninstall complete. The ipa-client-install command failed. See
/var/log/ipaclient-install.log for more information

It’s not time sync problem, server & client candidate are in sync. Simple install, server installed okey but client fails as above.

Does your IPA VERSION: 4.5.0, API_VERSION: 2.228 install okey, with no problems?

many thanks, L.