In a Linux network, is it possible to manage permissions from a central location?
If I have an LDAP server where users can authenticate, can I manage permissions from there?
I'm talking about permissions to servers (like Samba), but also inside their own machines.
What are other ways to manage them?
Yes, you can use LDAP. If you're happy to let users use passwords, you can store passwords in LDAP, and use nss_ldap and pam_ldap to identify and authenticate users from your directory respectively.
You'll need to put some custom attributes onto your users in LDAP to give them Unix user IDs and passwords.
If you want ssh keys, you'll need to install a patch to sshd which takes its keys from LDAP; this is not normally an option. That's what we use, and it works really well (a few dozen authorised engineers, 650+ servers).
I haven't used it but something like Puppet should set permissions.
I have used rdist to push and run a script on a few hosts I manage. It would be easy enough to add the commands needed to set permissions to the script you push.
As others have mentioned, LDAP is a pretty simple way of doing it. The Linux docs can be found here. When setting up the PAM configs you can specify that users have to be members of a specific group to log in, which allows you to use the LDAP tools to add/remove users from groups in order to allow/deny them access to specific servers.
If you're just using Samba and have an Active Directory domain you can join machines to, Samba can join domains. This and Winbind will allow you to manage which shares users can have access to.
As for end user workstation management by policy, I'm not so sure. Novell has some things for that if you're willing to spend money (under their Zen line).
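
One way to set up the per-server group restriction described in the answer above, shown as an added example that is not part of the original post. It uses pam_access and assumes NSS already resolves LDAP groups on the host; the group name `srv-web-login` is hypothetical.

```conf
# --- /etc/pam.d/sshd (account section) ---
# Enforce the check in the "account" phase so it also applies to
# logins that authenticate with SSH keys (sshd needs "UsePAM yes").
account  required  pam_access.so

# --- /etc/security/access.conf ---
# Format: permission : users/groups : origins. First match wins.
# Keep local root access so a directory outage cannot lock you out.
+ : root : LOCAL
# Parentheses mark a group name. "srv-web-login" is a hypothetical
# LDAP group; it is visible here because NSS resolves it.
+ : (srv-web-login) : ALL
# Deny everyone else.
- : ALL : ALL
```

Access to this server is then granted or revoked by adding or removing the user from that group in LDAP. A name service cache such as nscd can delay the change until its entries expire.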