Being able to integrate IPA into Samba4 is certainly a very very awesome thing to do. Otherwise Fedora/Redhat will end up supporting two incompatible Kerberos/LDAP-based domain controller implementations.
Hopefully they can pull it off in such a way that no level of Active Directory compatibility will be lost. The ability to have a compatible AD implementation is a such as massive and important killer feature that it would be a fatal mistake to not take compatibility deadly seriously. It would be better to have two incompatible domain controller systems then it would be to have limited Windows/AD compatibility.
All in all it's very exiting. Kudos to the development groups behind this.
So far my experiences using and testing FreeIPA have been insanely positive. This with SSSD is a monumental step forward in terms of usability and effectiveness of Linux systems in a domain environment. Absolutely fantastic stuff. For people who are interested in network security or enterprise level domain controllers and have not taken time to evaluate FreeIPA on a Redhat/CentOS/Fedora system you are doing yourself a huge disservice!
This sort of stuff makes kerberos/ldap integration and support on the OS level deadly simple. Even doing something like taking a Debian host using a older revision of SSSD and having it join a FreeIPA 2 domain is almost laughably simple compared to the hell that was previously required with a more custom solution made up of configuring separate components like OpenLDAP + MIT kerberos.
And thinking that it can be possible to have compatibility with AD and thus be able to integrate Windows hosts naturally with Linux hosts can open up all sorts of new possibilities and markets. Lots of $$$ to be made by Redhat and anybody else that can manage to sell this support to corporations. (hint: Looking at you; Canonical)
Oh and integrating Kerberos support into web apps via the NSS apache module is very simple also. With a couple simple configuration modifications even Chrome/Chromium can support single sign on.