The development curve for the SSSD integration with samba (CIFS really) is relatively new even in the wild. Essentially we're really talking about the replacement of the winbind daemon. I believe that the latest versions of the SSSD on Fedora, RHEL and even openSUSE have the binaries to integrate CIFS share access security into the SSSD stack. RHEL being the commercially supportable option obviously. The SLES SSSD stack maintains a more conservative stance in the versioning of the daemon it distributes, but they will get there eventually.

You could run the winbind daemon alongside the SSSD for now to manage the samba/CIFS share access. I'll begin taking a look at the SP3 beta code to see if the CIFS share integration is there and begin testing it as well.

-- lawrence