diff --git a/roles/sssd/defaults/main.yml b/roles/sssd/defaults/main.yml
index 50943f8dfa397875742595aa7eaf6fd861fe907c..84c56377bcede580520c1cc48c4949bc3cae9688 100644
--- a/roles/sssd/defaults/main.yml
+++ b/roles/sssd/defaults/main.yml
@@ -1,12 +1,13 @@
 ---
 sssd_conf: /etc/sssd/sssd.conf
-sssd_packages: sssd
+sssd_packages: sssd, libselinux-python
+sssd_on_master: "false"
 sssd_domains:
 sssd_id_provider:
 sssd_auth_provider:
 sssd_access_provider:
 sssd_chpass_provider:
 sssd_cache_credentials: False
-sssd_krb5_store_password_if_offline: False
+sssd_krb5_offline_passwords: False
 sssd_ipa_servers:
 sssd_services:
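Review bot: `sssd_on_master: "false"` is declared as a quoted string, and a non-empty string is truthy in a bare Jinja `{% if %}`, so this default only behaves as false where the consumer applies `| bool`. The two template conditionals in this commit do apply the filter, but any other reference that tests the variable bare would take the master branch and render `ipa_server_mode = True`. Declaring a real boolean, `sssd_on_master: false`, removes that dependency, and `| bool` can stay in the template for string overrides. Separately, `sssd_packages: sssd, libselinux-python` is one comma-separated string; whether both packages get installed depends on the package task, which is not in this diff, so a YAML list would be less fragile.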
diff --git a/roles/sssd/tasks/main.yml b/roles/sssd/tasks/main.yml
index 30d4c4ef02c9bbb11781684e7876577588ea3b9e..c09c3ead31c5eef3811f87312b7b57b729121bce 100644
--- a/roles/sssd/tasks/main.yml
+++ b/roles/sssd/tasks/main.yml
@@ -13,14 +13,15 @@
 - name: Template sssd.conf
   template:
     src: sssd.conf.j2
-    dest: /etc/sssd/sssd.conf
-    backup: yes
+    dest: "{{ sssd_conf }}"
+    backup: no
     owner: root
     group: root
     mode: 0600
+    force: yes
 
-- name: Enable and start sssd
-  service:
-    name: sssd
-    state: restarted
-    enabled: yes
+#- name: Enable and start sssd
+#  service:
+#    name: sssd
+#    state: restarted
+#    enabled: yes
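Review bot: With the `Enable and start sssd` task commented out, nothing visible in this hunk restarts sssd after `sssd.conf` is re-templated or ensures the service is enabled at boot. Hosts would keep running with the previous provider and access settings until the daemon is restarted by hand. If the unconditional `state: restarted` was the problem, add `notify: Restart sssd` to the template task with a matching handler, keep a service task with `state: started` and `enabled: yes`, and delete the commented-out YAML rather than keeping it. The switch to `backup: no` also drops the rollback copy of a file that controls logins, which deserves a one-line comment saying why. The task list starts before this hunk, so a restart may already exist elsewhere in the role.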
diff --git a/roles/sssd/templates/sssd.conf.j2 b/roles/sssd/templates/sssd.conf.j2
index f37bb665468b82205eb1b5927a27d0ccde70c93f..2ccb5848df0b43d21bca672d127c9c3ea902ef3f 100644
--- a/roles/sssd/templates/sssd.conf.j2
+++ b/roles/sssd/templates/sssd.conf.j2
@@ -1,13 +1,13 @@
 [domain/{{ sssd_domains }}]
 cache_credentials = {{ sssd_cache_credentials }}
-krb5_store_password_if_offline = {{ sssd_krb5_store_password_if_offline }}
+krb5_store_password_if_offline = {{ sssd_krb5_offline_passwords }}
 ipa_domain = {{ sssd_domains }}
 id_provider = {{ sssd_id_provider }}
 auth_provider = {{ sssd_auth_provider }}
 access_provider = {{ sssd_access_provider }}
 ipa_hostname = {{ ansible_host }}
 chpass_provider = {{ sssd_chpass_provider }}
-{% if sssd_on_master %}
+{% if sssd_on_master | bool %}
 ipa_server = {{ sssd_ipa_servers | join(", ") }}
 ipa_server_mode = True
 {% else %}
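Review bot: The template now reads `sssd_krb5_offline_passwords`, so any inventory or group_vars file that still sets `sssd_krb5_store_password_if_offline` is silently ignored and the rendered `krb5_store_password_if_offline` falls back to the role default `False`. That fails towards not storing passwords, but it changes offline login behaviour without any error or warning. If inventories using the old name may exist, a `fail` task guarded by `when: sssd_krb5_store_password_if_offline is defined` would make the rename visible at run time. The conditional opened by `{% if sssd_on_master | bool %}` continues past the end of this hunk.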
@@ -18,7 +18,7 @@ ipa_server = _srv_, {{ sssd_ipa_servers | join(", ")}}
 {% endif %}
 ldap_tls_cacert = /etc/ipa/ca.crt
 
-{% if sssd_on_master %}
+{% if sssd_on_master | bool %}
 {%   set sssd_services = sssd_services + ", ifp" %}
 {% endif %}
 [sssd]
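Review bot: `{% set sssd_services = sssd_services + ", ifp" %}` concatenates onto a variable whose role default is empty (`sssd_services:` in defaults/main.yml parses as null). On a master whose inventory does not set it, the render would most likely fail with a type error instead of producing a services list. Building the value from a filtered list avoids both the error and a leading comma: `{% set sssd_services = [sssd_services, "ifp"] | select | join(", ") %}`. A short Jinja comment noting that `ifp` is added only on IPA masters would also help, since the `services =` line that consumes the value lies outside this hunk.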