diff --git a/roles/krb5-kdc-ldap/tasks/main.yml b/roles/krb5-kdc-ldap/tasks/main.yml
index f306e5f..1de5dc5 100644
--- a/roles/krb5-kdc-ldap/tasks/main.yml
+++ b/roles/krb5-kdc-ldap/tasks/main.yml
@@ -1,6 +1,8 @@
 ## Install and configure krb5-kdc-ldap (if not done yet),
 ## run most tasks only on krb5-kdc-ldap installation.
 ---
+- fail: msg="The machine's domain must not be empty."
+ when: ansible_domain | length == 0
 - name: check if slapd is already there
 stat: path=/usr/sbin/krb5kdc
@@ -135,7 +137,7 @@
 -H ldapi:/// create -s -subtrees "{{ basedn }}" -P "{{ kdc_master_pwd }}"
- -r "{{ ldap_domain | upper }}"
+ -r "{{ ansible_domain | upper }}"
 no_log: true
 notify: "restart krb5-kdc"
 when: not krb5kdc.stat.exists
@@ -154,14 +156,14 @@
 when: not krb5kdc.stat.exists
 - name: create machine principals
- command: kadmin.local -q "addprinc -randkey {{ item }}/{{ ansible_hostname }}.{{ ldap_domain }}"
+ command: kadmin.local -q "addprinc -randkey {{ item }}/{{ ansible_hostname }}.{{ ansible_domain }}"
 with_items:
 - host
 - ldap
 when: not krb5kdc.stat.exists
 - name: add principal to the keytab
- command: kadmin.local -q "ktadd {{ item }}/{{ ansible_hostname }}.{{ ldap_domain }}"
+ command: kadmin.local -q "ktadd {{ item }}/{{ ansible_hostname }}.{{ ansible_domain }}"
 with_items:
 - host
 - ldap
diff --git a/roles/krb5-kdc-ldap/templates/kadm5.acl.j2 b/roles/krb5-kdc-ldap/templates/kadm5.acl.j2
index 1ddf3ff..54c6636 100644
--- a/roles/krb5-kdc-ldap/templates/kadm5.acl.j2
+++ b/roles/krb5-kdc-ldap/templates/kadm5.acl.j2
@@ -1,4 +1,4 @@
 ## access controls for the Kerberos KDC
-root/admin@{{ ldap_domain | upper }} *
-*@{{ ldap_domain | upper }} cil
-*/*@{{ ldap_domain | upper }} i
+root/admin@{{ ansible_domain | upper }} *
+*@{{ ansible_domain | upper }} cil
+*/*@{{ ansible_domain | upper }} i
diff --git a/roles/krb5-kdc-ldap/templates/kdc.conf.j2 b/roles/krb5-kdc-ldap/templates/kdc.conf.j2
index 477c9ba..7a64706 100644
--- a/roles/krb5-kdc-ldap/templates/kdc.conf.j2
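Review bot: The added `fail` guard only rejects an empty `ansible_domain`, yet after this commit the realm, `basedn`, the kadm5.acl entries and every principal name are derived from that gathered fact, and the removed `ldap_domain` default was the only variable an operator could set to pin the realm (gathered facts take precedence over inventory variables, so `ansible_domain` itself cannot be overridden there). A host whose resolver reports a different domain than the KDC, or a stray `localdomain`, will now pass the check and quietly compute its own realm and base DN instead of joining the intended one. Consider keeping one overridable variable in the role defaults, e.g. `kerberos_realm: "{{ ansible_domain | upper }}"`, deriving the templates from it and validating that instead. The condition should also survive `gather_facts: false`: `when: (ansible_domain | default('')) | length == 0` yields this message rather than an undefined-variable error.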
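Review bot: `-P "{{ kdc_master_pwd }}"` on the context line above the changed `-r` option places the KDC master password on the kdb5_ldap_util command line, where it is readable from /proc/<pid>/cmdline by any local user while the command runs; `no_log: true` only keeps it out of Ansible's own output. Since `-s` already writes the stash file, consider dropping `-P` and supplying the password through the `command` module's `stdin:` argument instead (kdb5_ldap_util prompts for it on stdin, twice, when `-P` is absent — verify on the target's version). The multi-line command this hunk patches begins above the hunk.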
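Review bot: `*@{{ ansible_domain | upper }} cil` in the new kadm5.acl grants every user principal change-password, inquire and list rights, and because the entry has no target-principal field the grant applies to every principal in the database — as far as I recall that lets any user run `kadmin -p alice -q "cpw root/admin"` and take over the admin principal or reset any service key. Self-service password changes go through kpasswd and do not need an ACL entry, so the `c` should be dropped; blanket `i`/`l` for all users (and `*/*@REALM i` for every service principal) also exposes the full principal list and should be narrowed to the identities that actually need it. A tighter template keeps `root/admin@{{ ansible_domain | upper }} *` as the only wildcard grant and adds targeted `i`/`l` entries only where required. The permissions predate this commit, which only renames the variable.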
+++ b/roles/krb5-kdc-ldap/templates/kdc.conf.j2
@@ -2,7 +2,7 @@
 kdc_ports = 750,88
 [realms]
- {{ ldap_domain | upper }} = {
+ {{ ansible_domain | upper }} = {
 admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
 acl_file = /etc/krb5kdc/kadm5.acl
 key_stash_file = /etc/krb5kdc/stash
diff --git a/roles/krb5-kdc-ldap/templates/krb5.conf.j2 b/roles/krb5-kdc-ldap/templates/krb5.conf.j2
index 8f231cb..11d3cf2 100644
--- a/roles/krb5-kdc-ldap/templates/krb5.conf.j2
+++ b/roles/krb5-kdc-ldap/templates/krb5.conf.j2
@@ -1,16 +1,16 @@
 [libdefaults]
- default_realm = {{ ldap_domain | upper }}
+ default_realm = {{ ansible_domain | upper }}
 [realms]
- {{ ldap_domain | upper }} = {
+ {{ ansible_domain | upper }} = {
 kdc = {{ ansible_hostname }}
 admin_server = {{ ansible_hostname }}
 database_module = LDAP
 }
 [domain_realm]
- .{{ ldap_domain }} = {{ ldap_domain | upper }}
- {{ ldap_domain }} = {{ ldap_domain | upper }}
+ .{{ ansible_domain }} = {{ ansible_domain | upper }}
+ {{ ansible_domain }} = {{ ansible_domain | upper }}
 [dbdefaults]
 ldap_kerberos_container_dn = cn=kerberos,{{ basedn }}
diff --git a/roles/lan-client/defaults/main.yml b/roles/lan-client/defaults/main.yml
index b52918d..7c62cce 100644
--- a/roles/lan-client/defaults/main.yml
+++ b/roles/lan-client/defaults/main.yml
@@ -1,6 +1,5 @@
 lan_homes: /home/lan
-ldap_domain: "{{ ansible_domain | default('intern', true) }}"
-basedn: "{{ 'dc=' + ( ldap_domain | replace('^.','') | replace('.$','') | replace('.',',dc=')) }}"
+basedn: "{{ 'dc=' + ( ansible_domain | replace('^.','') | replace('.$','') | replace('.',',dc=')) }}"
 ldap_server: ldap
 krb_server: kerberos
 nfs_server: nfs
diff --git a/roles/lan-client/tasks/main.yml b/roles/lan-client/tasks/main.yml
index 1008bb7..74362a1 100644
--- a/roles/lan-client/tasks/main.yml
+++ b/roles/lan-client/tasks/main.yml
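Review bot: The new `basedn` line keeps `replace('^.','')` and `replace('.$','')`, but Jinja's `replace` is a literal substring replacement, so these never strip a leading or trailing dot — they only match the two-character strings `^.` and `.$`. If trimming dots is the intent, `basedn: "{{ 'dc=' + (ansible_domain | regex_replace('^\\.|\\.$', '') | replace('.', ',dc=')) }}"` does it; otherwise the two no-op filters should go, since a reader will assume they work. The same expression is now copied into the lan-client, ldap and nfs-server role defaults, so a single shared group variable would keep the three from drifting.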
@@ -1,9 +1,12 @@
 ---
+- fail: msg="The machine's domain must not be empty."
+ when: ansible_domain | length == 0
+
 - name: preseed krb5-config realm
 debconf:
 name: krb5-config
 question: krb5-config/default_realm
- value: "{{ ldap_domain | upper }}"
+ value: "{{ ansible_domain | upper }}"
 vtype: string
 - name: preseed krb5-config kerberos servers
@@ -43,12 +46,12 @@
 ## Activate machine after installation:
 - name: create machine principal
- command: kadmin -p root/admin -w {{ lookup('password', '/root/kadmin.pwd') }} -q "addprinc -randkey nfs/{{ ansible_hostname }}.{{ ldap_domain }}"
+ command: kadmin -p root/admin -w {{ lookup('password', '/root/kadmin.pwd') }} -q "addprinc -randkey nfs/{{ ansible_hostname }}.{{ ansible_domain }}"
 no_log: true
 when: not run_in_installer|default(false)|bool
 - name: add principal to keytab
- command: kadmin -p root/admin -w {{ lookup('password', '/root/kadmin.pwd') }} -q "ktadd nfs/{{ ansible_hostname }}.{{ ldap_domain }}"
+ command: kadmin -p root/admin -w {{ lookup('password', '/root/kadmin.pwd') }} -q "ktadd nfs/{{ ansible_hostname }}.{{ ansible_domain }}"
 args:
 creates: /etc/krb5.keytab
 no_log: true
diff --git a/roles/lan-client/templates/sssd.conf.j2 b/roles/lan-client/templates/sssd.conf.j2
index 4b5b285..d55c2c7 100644
--- a/roles/lan-client/templates/sssd.conf.j2
+++ b/roles/lan-client/templates/sssd.conf.j2
@@ -16,7 +16,7 @@
 ldap_search_base = {{ basedn }}
 auth_provider = krb5
 krb5_server = {{ krb_server }}
-krb5_realm = {{ ldap_domain | upper }}
+krb5_realm = {{ ansible_domain | upper }}
 cache_credentials = true
 min_id = 10000
diff --git a/roles/ldap/defaults/main.yml b/roles/ldap/defaults/main.yml
index e3df005..c84b93e 100644
--- a/roles/ldap/defaults/main.yml
+++ b/roles/ldap/defaults/main.yml
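Review bot: Both changed `command:` lines pass the admin password as `-w {{ lookup('password', '/root/kadmin.pwd') }}`, so it sits in kadmin's argv on the client where any local user can read it via ps or /proc; `no_log: true` protects only the Ansible log. kadmin prompts for the password on stdin when `-w` is omitted, so `command: kadmin -p root/admin -q "..."` together with `stdin: "{{ lookup('file', '/root/kadmin.pwd') }}"` keeps it off the command line. Note also that `lookup('password', path)` runs on the control node and silently generates and stores a new random password when the file does not exist, so a wrong path or a different controller turns into an opaque authentication failure — `lookup('file', ...)` fails loudly instead. The `addprinc` task has no `creates:` guard, so a second run against an existing principal will error out; that behaviour is unchanged by this commit.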
@@ -1,5 +1,4 @@
 ldap_admin_pwd: "{{ lookup('password', '/tmp/ldap_admin.pwd length=24') }}"
 ldap_pwd_file: "/root/ldap-admin.pwd"
-ldap_domain: "{{ ansible_domain | default('intern', true) }}"
-basedn: "{{ 'dc=' + ( ldap_domain | replace('^.','') | replace('.$','') | replace('.',',dc=')) }}"
+basedn: "{{ 'dc=' + ( ansible_domain | replace('^.','') | replace('.$','') | replace('.',',dc=')) }}"
 lan_homes: /home/lan
diff --git a/roles/ldap/tasks/main.yml b/roles/ldap/tasks/main.yml
index 36ca050..de33367 100644
--- a/roles/ldap/tasks/main.yml
+++ b/roles/ldap/tasks/main.yml
@@ -1,6 +1,8 @@
 ## Install and configure slapd (if not done yet),
 ## run most tasks only on slapd installation.
 ---
+- fail: msg="The machine's domain must not be empty."
+ when: ansible_domain | length == 0
 - name: check if slapd is already there
 stat: path=/usr/sbin/slapd
@@ -10,7 +12,7 @@
 debconf:
 name: slapd
 question: slapd/domain
- value: "{{ ldap_domain }}"
+ value: "{{ ansible_domain }}"
 vtype: string
 when: not slapd.stat.exists
diff --git a/roles/nfs-server/defaults/main.yml b/roles/nfs-server/defaults/main.yml
index 294950c..49adf7c 100644
--- a/roles/nfs-server/defaults/main.yml
+++ b/roles/nfs-server/defaults/main.yml
@@ -1,4 +1,3 @@
 export_root: /srv/nfs4
 lan_homes: /home/lan
-ldap_domain: "{{ ansible_domain | default('intern', true) }}"
-basedn: "{{ 'dc=' + ( ldap_domain | replace('^.','') | replace('.$','') | replace('.',',dc=')) }}"
+basedn: "{{ 'dc=' + ( ansible_domain | replace('^.','') | replace('.$','') | replace('.',',dc=')) }}"
diff --git a/roles/nfs-server/tasks/main.yml b/roles/nfs-server/tasks/main.yml
index 3cb2f7f..4eb52c0 100644
--- a/roles/nfs-server/tasks/main.yml
+++ b/roles/nfs-server/tasks/main.yml
@@ -1,5 +1,8 @@
 ## Install and configure nfs-server
 ---
+- fail: msg="The machine's domain must not be empty."
+ when: ansible_domain | length == 0
+
 - name: check if there are installing
 stat: path=/etc/exports
 register: exports
@@ -40,11 +43,11 @@
 register: kadmin
 - name: create machine principal
- command: kadmin.local -q "addprinc -randkey nfs/{{ ansible_hostname }}.{{ ldap_domain }}"
+ command: kadmin.local -q "addprinc -randkey nfs/{{ ansible_hostname }}.{{ ansible_domain }}"
 when: kadmin.stat.exists and not exports.stat.exists
 - name: add principal to the keytab
- command: kadmin.local -q "ktadd nfs/{{ ansible_hostname }}.{{ ldap_domain }}"
+ command: kadmin.local -q "ktadd nfs/{{ ansible_hostname }}.{{ ansible_domain }}"
 notify: "restart rpc-svcgssd"
 when: kadmin.stat.exists and not exports.stat.exists
diff --git a/roles/nfs-server/templates/sssd.conf.j2 b/roles/nfs-server/templates/sssd.conf.j2
index 0cea9c5..54868d2 100644
--- a/roles/nfs-server/templates/sssd.conf.j2
+++ b/roles/nfs-server/templates/sssd.conf.j2
@@ -16,7 +16,7 @@
 ldap_search_base = {{ basedn }}
 auth_provider = krb5
 krb5_server = {{ ansible_hostname }}
-krb5_realm = {{ ldap_domain | upper }}
+krb5_realm = {{ ansible_domain | upper }}
 cache_credentials = false
 min_id = 10000
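Review bot: The nfs/ service principal is named `{{ ansible_hostname }}.{{ ansible_domain }}`, while `ansible_fqdn` is the name the fact gatherer actually resolved for the host; the two diverge when the kernel nodename and the canonical name differ (for example an /etc/hosts entry listing an alias first), and a client canonicalising the server name under krb5's default settings will then look up `nfs/<fqdn>` and get "Server not found in Kerberos database". Using `nfs/{{ ansible_fqdn }}` on both the `addprinc` and `ktadd` lines ties the principal to the resolved name; the KDC and lan-client roles build their principals the same way and would want the same change. This is inferred from how the facts are derived, so confirm against a host where the names differ.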