by RealityVoid 706 days ago
I want to set up something like this for my home network. The one thing missing that I'd also like is a way for users to log in to Windows machines using these credentials. I understand that is also possible via Kerberos, but... Well, it takes some time to understand these things, me not doing a whole lot of sysadmin work...

It also seems the author has a more recent post about using Samba as an AD controller, and that would be an alternative to this setup right here:

https://helgeklein.com/blog/samba-active-directory-in-a-dock...

4 comments

I'd go the Samba Domain Controller route, personally. Of any way to do it I think that would give you the smallest sysadmin "burden". You'll also get Group Policy functionality, which is useful for standardizing configurations across your Windows clients (if that's a thing you need).

FreeIPA (the upstream project for Red Hat's IDM) could fit your needs

https://www.freeipa.org/page/Windows_authentication_against_...

Keycloak has Kerberos+LDAP Federation built in. I wrote a blog post on how to self-host Keycloak [1]. If you don't do theming, it is quite quick to set up. Just updated the blog post for version 25.0.1.

[1]: https://du.nkel.dev/blog/2024-02-10_keycloak-docker-compose-...

There's a few people who looked into getting Samba to plug into LLDAP. I haven't looked myself, but I seem to remember that the main obstacle was not insurmountable (last modified timestamp for users).