This all seems to work successfully, the server appears on the FreeIPA web console and even:
$ sss_ssh_authorizedkeys $MY_IPA_USER
works! But ssh, sudo don't work. However if I patch /etc/sssd/sssd.conf and add nss and pam to [sssd] services, ssh, console login and sudo work!