Updated with ipaclient setup and bootstrap

roles/debian-freeipa-client/templates/krb5.conf.j2

@@ -0,0 +1,31 @@
+# {{ ansible_managed }}
+includedir /var/lib/sss/pubconf/krb5.include.d/
+
+[libdefaults]
+  default_realm = {{ ipa_realm }}
+  dns_lookup_realm = false
+  dns_lookup_kdc = false
+  rdns = false
+  dns_canonicalize_hostname = false
+  ticket_lifetime = 24h
+  forwardable = true
+  
+
+[realms]
+  {{ ipa_realm |upper }} = {
+    kdc = {{ ipa_server }}:88
+    master_kdc = {{ ipa_server }}:88
+    admin_server = {{ ipa_server }}:749
+    kpasswd_server = {{ ipa_server }}:464
+    default_domain = {{ bind_localdomain }}
+  }
+
+
+[domain_realm]
+  .{{ bind_localdomain }} = {{ ipa_realm |upper}}
+  {{ bind_localdomain }} = {{ ipa_realm |upper}}
+
+[logging]
+default = FILE:/var/log/krb5libs.log
+kdc = FILE:/var/log/krb5kdc.log
+admin_server = FILE:/var/log/kadmin.log

roles/debian-freeipa-client/templates/sssd.conf.j2

@@ -0,0 +1,23 @@
+# {{ ansible_managed }}
+[sssd]
+config_file_version = 2
+services = nss, pam, sudo, ssh
+domains = {{ ipa_realm }}
+
+[nss]
+
+[pam]
+
+[ssh]
+
+[sudo]
+
+[domain/{{ ipa_realm }}]
+cache_credentials = true
+krb5_store_password_if_offline = true
+id_provider = ipa
+auth_provider = ipa
+access_provider = ipa
+chpass_provider = ipa
+ldap_tls_cacert = /etc/ipa/ca.crt
+ipa_hostname = {{ ansible_fqdn }}