Typically, LDAP (nee
Microsoft OpenDirectory) is used for this purpose. Other technologies like Radius and Kerberos can
be used, but LDAP is by far the most common. There are hundreds of thorough articles on the Internet that show you exactly how to do it.
Basically ... "in even a small office with Windows machines, say, or Macs, or machines of any type at all, you quickly discover the need to manage ... not only login-credentials, but arbitrary attributes
of those users, from one central location." There's simply no other practical way to do it. LDAP has become the de facto
standard for doing that, and Microsoft's management-console happens to be a very good tool.
You simply arrange for the Linux boxes to conform to that, which they can very easily do.
Integration with LDAP usually happens in many other ways. Web-servers such as Apache or nginix can query to find out whether access should be granted to a particular user. A user can "log in" (using LDAP-validated credentials), and then find that this
login is also seamlessly recognized by other intra
net web-pages that he might visit. And, if those pages are driven by CGI-code of any sort, those CGI handlers can also
seamlessly query those (trustworthy ...) credentials, thus creating a very smooth "single sign-on" user experience.
of this stuff is "already invented," and is cross-platform between Windows, Linux, OS/X, and even mainframes. You might not have encountered it yet, if you haven't had five thousand computers and laptops to manage yet ...
... but you'll love it, when you do.