We currently have our CentOS 5.5 servers authenticating against our Active Directory environment (Windows 2003 R2) utilizing Samba & Winbind. It's served us well, but we need something more robust, and someone has suggested utilizing LDAP & Kerberos to authenticate directly against AD. The main motivation behind this push is that we have disparate UIDs/GIDs, where a single user (bob) on one server will have UID 501 and on the other 531, and it's affecting permissions for SMB mounted directories.
It's my understanding (speaking as a Linux newb) that the Unix attributes in AD can be read, therefore centralizing and standardizing our UID/GID across the environment? I'd like this environment to be as stable as possible and don't think the Samba/Winbind solution is scaling well, so if I can do this strictly by pointing to AD as an LDAP server that would be ideal.
Any suggestions are greatly appreciated and will keep me from pulling my hair out further.
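To size the problem described above before migrating, the following added example (not part of the original post) audits passwd-format data collected from each server, for instance the output of `getent passwd`. It reports users whose UID differs between hosts and UIDs that belong to different users on different hosts, which is the case where files on a shared mount appear to be owned by the wrong person. The host names, the user alice, and the `min_uid=500` cutoff for regular accounts are assumptions.

```python
from collections import defaultdict

# Constructed sample data in passwd(5) format; hosts and users are hypothetical.
PASSWD = {
    "server1": (
        "root:x:0:0:root:/root:/bin/bash\n"
        "bob:x:501:501::/home/bob:/bin/bash\n"
        "alice:x:531:531::/home/alice:/bin/bash\n"
    ),
    "server2": (
        "root:x:0:0:root:/root:/bin/bash\n"
        "bob:x:531:531::/home/bob:/bin/bash\n"
        "alice:x:502:502::/home/alice:/bin/bash\n"
    ),
}


def parse_passwd(text):
    """Return {username: uid}, skipping blank, comment and malformed lines."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue
        users[fields[0]] = int(fields[2])
    return users


def audit(passwd_by_host, min_uid=500):
    """Return (mismatched, collisions) across hosts for UIDs >= min_uid.

    mismatched: user -> {host: uid} where one user has several UIDs.
    collisions: uid -> {host: user} where one UID maps to several users.
    """
    uids_of_user = defaultdict(dict)
    users_of_uid = defaultdict(dict)
    for host, text in passwd_by_host.items():
        for user, uid in parse_passwd(text).items():
            if uid < min_uid:  # ignore system accounts (assumed cutoff)
                continue
            uids_of_user[user][host] = uid
            users_of_uid[uid][host] = user
    mismatched = {u: m for u, m in uids_of_user.items() if len(set(m.values())) > 1}
    collisions = {i: m for i, m in users_of_uid.items() if len(set(m.values())) > 1}
    return mismatched, collisions
```

Files already written under the old numeric IDs keep those IDs after UIDs are centralized, so the collision list also shows which ownerships need to be corrected afterwards.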