Using any member of the Windows Server family, I can set up an Active Directory, and have a single pool of users for a large number of computers; access can be given / removed for any shared resources in the given domain (including access to client computers, etc).

What similar (and widespread) solutions exist for managing a multi-user, multi-computer environment using Linux? What are their advantages/disadvantages? And how can they interoperate with Windows?

A: 

Supposedly Linux computers can use Likewise Open to connect to Active Directory Domains, i.e. use the Active Directory credentials for authentication and access control.

I have tried it briefly myself and had no luck though (ended up inadvertently making my desktop system a domain controller and had to get network admins to reassign it!). Probably just needed to read the docs a bit better...

Brendan
+3  A: 

Not sure if this is what you had in mind, but Linux w/Samba can act as a domain controller for Windows desktops. For example, see SAMBA (Domain Controller) Server For Small Workgroups at HowToForge. This works for file/print sharing etc.

For something more akin to Microsoft's Active Directory, you might check out Red Hat Directory Server:

Red Hat Directory Server is an LDAP-based server that centralizes application settings, user profiles, group data, policies, and access control information into an operating system-independent, network-based registry.

If cost is a concern, there's a Fedora Directory Server version that's the community version for free.

Another potential offering would be Sun's OpenDS project:

OpenDS is an open source community project building a free and comprehensive next generation directory service based on LDAP and DSML. OpenDS is designed to address large deployments, to provide high performance, to be highly extensible, and to be easy to deploy, manage and monitor.

Jay
A: 

Samba (http://samba.org/) provides interoperability with Windows domain controllers. With version 3 it can act as a primary domain controller. From what I read, version 4 will improve support for ActiveDirectory.

mopoke
A: 

Linux servers can be configured to participate in NIS domains; you should typically be prompted for this kind of setup when building the server. NIS is a lot like Active Directory, providing common identity and authentication across many boxes. You can also configure home directories to be mounted off a common NFS share so that identity and working environment move with the user from box to box.

I have experienced this from the user/tech-lead side of things; hopefully a Linux admin can provide further pointers on how to do it and where to find resources.

Joe Skora
NIS is regarded as deprecated even by its inventor. http://dlc.sun.com/osol/docs/content/SYSADV5/nisplus2ldap-1.html
bortzmeyer
+1  A: 

Joe: I think NIS is considered legacy Unix stuff these days. I wouldn't recommend it to anyone on a new deployment.

At the company where I work, we run Apple's Open Directory for our LDAP directory and Kerberos KDC. You can achieve the same thing using Red Hat's directory server (mentioned by Jay above), or something like Apache Directory.

While LDAP and Kerberos can be daunting at first, and a bit challenging to get working, I think the effort is quite worthwhile. You can easily scale both up to whatever size you need.

For the Windows end of things, you can hook Samba into LDAP and authenticate your Windows clients against that.

Kamil Kisiel
A: 

LDAP is clearly the way to go. See for instance OpenLDAP Software 2.4 Administrator's Guide.

An example of setting up user authentication with LDAP on Linux and FreeBSD is on my blog (in French), Comptes Unix stockés sur LDAP.

bortzmeyer