sssd - ad backend with Samba4

Great news for Linux machines in Active Directory. Our file server configuration recently went from a 30 line essay to this:
services = nss, pam
config_file_version = 2
domains = hh3.site
id_provider = ad
auth_provider = ad
access_provider = ad
ldap_id_mapping = False

That's it. It takes care of all the rfc2307 mapping and gssapi keytab stuff. Just make sure you have the MACHINE$ key available in the keytab. Oh, don't forget to clear the cache:
rm /usr/local/var/lib/sss/db/*
It throws in A, AAAA and PTR updates for free. Great if you're on dhcp. A big thanks to the sssd devs.

Add autofs to taste with this configuration. Unfortunately, there is no autofs_provider = ad. Yet:(
services = nss, pam, autofs
config_file_version = 2
domains = default
ad_hostname = catral.hh3.site
ad_server = hh16.hh3.site
ad_domain = hh3.site
ldap_schema = ad
id_provider = ad
access_provider = ad
auth_provider = ad
chpass_provider = ad

ldap_sasl_mech = gssapi
ldap_sasl_authid = CATRAL$@HH3.SITE
krb5_keytab = /etc/krb5.keytab
ldap_krb5_init_creds = true

autofs_search_base = OU=automount,DC=hh3,DC=site
ldap_autofs_map_object_class = automountMap
ldap_autofs_entry_object_class = automount
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey
ldap_autofs_entry_value = automountInformation

autofs schema details here