If you want nice interoperability with the Active Directory, try looking at Vintela Authentication Services (VAS). It consists of one rpm loaded on to the linux side. This software was recommended to us by Microsoft. (They admitted their own solution is cumbersome and requires a lot of configuration on the AD side). It is owned by Quest Software and has good support. It works nicely with ssh (as well as tectia ssh2), ftp, cvs and they even have an Apache module. Your standard Active Directory Users and Computers program is used on the AD side to manage linux users and groups.

We just upgraded from w2k AD to win 2003 AD a couple of weeks ago and no changes needed to be made on the linux side.