Greg,
The latest release of Windows AD (ADR2) integrates a newer version of SFU into the AD schema. We have tested it very successfully using our CentOS boxes to authenticate authorize access to our machines, using kerberos and LDAP.
We tried the winbind/smb approach, and the way it handles UIDs and GIDs is less than desireable in our case. It might work for small offices/networks with 50 users or so, but for us, in the case of spreading it campuswide to 1000s of users, it would never do. Also, the degree of UID/GID management is less than stellar since they are enumerated as people log on, and if the machine housing the UID/GID database crashes or you lose the database, getting the exact same mappings upon rebuild may not work - even with backups.
Ian