Recommendation for Idiot-friendly cross-platform centralized auth?


I tried playing with some kind of AD over a year ago (samba-based or real AD), and somehow managed to screw it up to the point of being inaccessible within 15 minutes, by moving users into groups. And yet, in my home network, I’d really appreciate having some kind of SSO, as I keep having services/machines I need to create usernames and passwords for come and go faster than I can actually spend the time to figure out how to do something useful with them.

I’m setting up a new desktop, and factory-resetting my old one, both hopefully this week. Can someone point me in the direction of some kind of centralized auth system that I won’t screw up as soon as I try to organize it?

Requirements I have right now:

  • Some kind of LDAP compatibility for NAS-like systems
  • Windows & Linux compatibility
  • Doesn’t force me to change my password every 3 months (1 year is better)

Requirements I might have some day:

  • Mac compatibility
  • SAML/OAuth/OpenID Connect functionality
  • Some kind of “roaming profiles” or file sync
  • Replication across machines (guarding against hardware failure)

Things I have to work with:

  • A small Synology box (yes Docker, no VMs)
  • A horde of ARM-based single-board computers
  • 3x HP DL-380 G6/G7

Things I don’t have:

  • Time
  • Prior experience as a sysadmin
  • Budget to buy a solution (if it’s more than $200, I need to justify it. There are other things I need to do with my money)
  • Stable compute infrastructure
  • Redundant internet
  • Rock-solid backups

Thanks for any pointers you folks can provide.