samba the last is able to emulate AD in some form. We tried it at home, ran into a bummer with UPN suffixes, but in principle you can live without them. Group policies are also able, but replication must be configured. SSO is not directly related to the authentication method. In one bottle - will not work.

Have you considered the option of moving AD to a virtual machine? Samba 4 will allow you to do authorization, the main and most commonly used gpo, but the convenience in samba is not that much.

If you want everything on Linux, consider freeipa.
Well, or a paid analogue from RedHat.
True, I’ll say right away that if you still use debian-based distributions, then problems with kerberos in nfs and samba will begin. Everything works fine on centos, it also integrates with AD.
But if you partially leave Windows, then samba is better at once.

Covering 100% with the same convenience will not work, but there are options:
1) Classics of the genre - samba. It hurts, it's difficult, it will take a long time, but it will be almost AD.
2) FreeIPA
3) UCS linux
4) Because , I understand that everything will be completely unixway, then why not go exactly their way? Let's say nis + nfs is very simple and, let's say, will give balls and user management in a native way. Further postfix which is also fastened to nis, etc. It will turn out not very hemorrhoids, but the most necessary functionality, and even in the native environment. In windows, by the way, there is support for nis and nfs, but at what level and how convenient I never checked =)
By the way, for quick tests, you can try openSuse, it has very convenient guis for setting up all the outrages and it will be quite familiar when switching from windows, incl. and servers.

If "domestic software" is a cornerstone and unchanging requirement (and most likely it is - I have seen this topic for the third time since the beginning of the year) - you need to start by making a list of what is allowed to use. And then choose from what is.
From pure theory:
- Samba DC + Samba client. It seems like it was promised that almost "windows without vidnovs". The devil, as always, is in the details, but it would be possible to test
- IPA. This thing is used in the redhat domain, there is freeipa
- Exchange is nowhere to be found here - the UNIX principle, as KISS knows, so as a replacement for the ekscha, you will have to screw something similar - Zimbra, Zafara, OpenXchange - but I don’t know how much this is consistent with "domestic software". Although, if necessary, you can stupidly take raw materials and make a fork :)

LTSP as an option for creating a working environment, the only thing is that many actions will have to be wrapped in scripts for autorun.