Using ‘ldap+kerberos’ is like saying your api is ‘rest+tls’. It is a protocol/format. The value in AD is how the format is used and its impact on systems and users.
So yes, Samba sounds more sensible.
When I played with it I stayed away from self-managing something like it for linux-only systems and for mixed/cloud/online systems I use Entra Id
When I played with it I stayed away from self-managing something like it for linux-only systems and for mixed/cloud/online systems I use Entra Id