> Have you actually looked for alternatives, or is AD "good enough"?

TBH, I always thought YP/NIS was good enough... but I live in a tiny bubble. Obligatory:

https://xkcd.com/927/

P.S. Your cert for https://kogito.network/ is expired :(

AD/Entra is pretty good in my experience working with it. Self-hosting Entra is basically running a Windows Server + Domain Controller, or one of the alternatives you mentioned. Not something I would typically recommend to a customer unless they already had it running and were experienced in it.

IMO, the best way to "handle identity across Windows and Linux" is Microsoft's own tools. You can join Windows, Mac, and Linux machines into Entra now. For $8 a month you can get an F3 license for a user. This gets you the MS Office Suite (web only) plus Intune/Endpoint Management for 5 active devices, licensed Windows 11 Enterprise (good for machines without an included windows license), the ability to control Device Policy and Conditional Access Policy. The F1 license ($2.25) might work, but don't quote me on that (read-only office, no mobile apps, no Windows Hello for Business).

Mac and Linux machines aren't as robust as Windows for endpoint management. But the core features you'd want are mostly there. Apple business manager is needed and has to be paired with Entra, but it's not completely terrible. The Microsoft documentation is actually very helpful here.