I've got a network set up in the house with a Windows 2003 DC, a Windows 7 Workstation and a host of VMs doing various tasks running either XP Pro, Ubuntu or FreeBSD. Ideally I would love to have domain credentials work across all machines so that I could more easily manage identities, passwords etc.
Is there a good way to implement non-windows clients on a Windows domain?
I have found likewise open works well and is easy to install.
Linux has PAM. This is great for setting up all kinds of fun unusual authentication. In your case, you want something like LDAP/Kerberos, where the Win2k3 DC servers as the source. Check out this doc on how to configure PAM to authenticate using winbind.
The tool you want is winbind, which comes with samba. You can use this to register a machine on a windows domain. Password authentication against the domain can be done with pam_winbind. If your users have home directories on a win2kx server you can use SFU (Services for Unix) to export them via NFS off the server or mount the directory via samba.
A description of this can be found in the Winbind HOWTO on the samba web site.
I have achieved let only one AD_USER or AD_GROUP to ssh login the linux box via AD authentication.
The details are listed as here: (pay attention to step 7 and 8)
https://gist.githubusercontent.com/xianlin/8c09d916994dac7630b9/raw/ee07817a03bc5904a5404a7e7c94e08ea0c7560a/CentOS_AD_Integration