Samba as AD member and sssd-ad - how to join "both"?

Hi

I've been using sssd-ad a couple of times against a Server 2012 R2 domain and so far I'm pleased since it does make integration with AD easier. Technically all I need is being able to restrict who in AD can log in, grant sudo permissions (using the sudo LDAP schema) and read SSH keys from AD. It is quite a bit more straightforward than with Samba / winbind. In this case the Linux box gets joined to AD and a computer object will be created.

However, I have a system running FreeRADIUS with Samba, since this is basically the only way to get authentication working in FreeRADIUS against AD (as there are no plaintext passwords readable). This means that this system is configured as an AD member server in Samba, and therefore after joining the domain there is a computer object in AD for this system.

How can I get sssd-ad and Samba on the same system without breaking the AD join for one of each?

I can imagine the same issue appearing for RHEL systems running Samba for filesharing accessible to AD users yet the system would like to use SSSD for shell access against AD.

Responses