Typically, LDAP
(nee Microsoft OpenDirectory) is used for this purpose. Other technologies like Radius and Kerberos
can be used, but LDAP is by far the most common. There are hundreds of thorough articles on the Internet that show you exactly how to do it.
Basically ... "in even a small office with Windows machines, say, or Macs, or machines of any type at all, you quickly discover the need to manage ... not only login-credentials, but
arbitrary attributes of those users, from one central location." There's simply no other practical way to do it. LDAP has become the
de facto standard for doing that, and Microsoft's management-console happens to be a very good tool.
You simply arrange for the Linux boxes to conform to that, which they can very easily do.
Integration with LDAP usually happens in many other ways. Web-servers such as Apache or nginix can query to find out whether access should be granted to a particular user. A user can "log in" (using LDAP-validated credentials), and then find that
this login is also seamlessly recognized by other
intranet web-pages that he might visit. And, if those pages are driven by CGI-code of any sort, those CGI handlers can
also seamlessly query those (trustworthy ...) credentials, thus creating a very smooth "single sign-on" user experience.
All of this stuff is "already invented," and is cross-platform between Windows, Linux, OS/X, and even mainframes. You might not have encountered it yet, if you haven't had five thousand computers and laptops to manage yet ...
... but you'll love it, when you do.