samba-dc: Configure samba4 winbind

The *samba-dc* role now configures `winbindd` on domain controllers to
support identity mapping on the local machine. This will allow domain
users to log into the domain controller itself, e.g. via SSH.

The Fedora packaging of *samba4* still has some warts. Specifically, it
does not have a proper SELinux policy, so some work-arounds need to be
put into place in order for confined processes to communicate with
winbind.

roles/samba-dc/defaults/main.yml

@@ -1,2 +1,4 @@
 samba_dc_use_rfc2307: true
 samba_is_first_dc: false
+workgroup: '{{ krb5_realm.split(".")[0] if krb5_realm is defined else "WORKGROUP" }}'
+winbind_template_homedir: /home/%U