AD is incredibly more popular than Kerberos despite part of it using the protocol. Microsoft is everywhere in the corporate world and most people know of AD but have never heard of either LDAP or Kerberos.
And to be honest, it's fairly understandable. AD manages to be somewhat turnkey while doing the same thing on Linux systems is a major pain.
OpenLDAP and SSSD via PAM. It’s - well - let’s leave it at not very nice to put in place. It does the job once there however.
I am fairly convinced that Red Hat, Novell and Oracle probably have a nice interface on top of it all to make it manageable and therefore have a vested interest in keeping it as awful as possible for the rest of the world.
Using ‘ldap+kerberos’ is like saying your API is ‘rest+tls’. It is a protocol/format. The value in AD is how the format is used and its impact on systems and users.
So yes, Samba sounds more sensible.
When I played with it I stayed away from self-managing something like it for Linux-only systems, and for mixed/cloud/online systems I use Entra ID.