Interop methods quick summary:
Samba+AD
ldap client+AD
Nisclient+Nis domain (SFU)
Centrify client+AD ==> I recommend Centrify: www.centrify.com
————————————————————————————————
Single sign-on JAVA with AD:
Before jumping into implementation and configurations it is good to know some common keywords /jargons used on single-sign-on technique.
Single-Sign-On http://en.wikipedia.org/wiki/Single_sign-on
Kerberos – http://en.wikipedia.org/wiki/Kerberos_(protocol)
Active Directory – http://en.wikipedia.org/wiki/Active_Directory
SPNEGO – http://en.wikipedia.org/wiki/SPNEGO
JAAS – http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/tutorials/index.html
how kerberos works (Web server and AD):
The Web Server has to hand-shake with browser to obtain kerberos token. The token can be validated against keytab file (http://kb.iu.edu/data/aumh.html) or connecting through Active Directory.

The below diagram explains how the handshake happens between browser and webserver to obtain kerberos token for authentication.