Talk:HOWTO LDAP SAMBA PDC/Basic Setup
From Gentoo Linux Wiki
Support
I've created a thread over at forums.gentoo.org for supporting this HowTo; take a look.
Smbk5pwd overlay
What is it?
The smbk5pwd overlay lets OpenLDAP update the LDAP, NT and LanMan password hashes together whenever a password is changed, without a third-party tool (or Samba itself) having to do so.
Prerequisites
First of all, you will need the openldap 2.3.x sources. If you plan to install the corresponding openldap server, I suggest you use the ebuild to get them. For the time being you can get it at http://bugs.gentoo.org/show_bug.cgi?id=107686 . Put it in your local portage overlay (see HOWTO_Installing_3rd_Party_Ebuilds).
Another ebuild is available at http://bugs.gentoo.org/show_bug.cgi?id=116045 . Be sure to set USE="-minimal" to build the contributed modules. If you're using Kerberos, note that the smbk5pwd overlay expects app-crypt/heimdal, though it may work with mit-kerberos.
If you plan to use it on openldap 2.2.x, you'll have to copy it to the same directory within the 2.2 source tree. You can get the sources from the http://www.openldap.org website.
Compilation
The smbk5pwd overlay has to be compiled while the compiled openldap source tree is still available. To get there, do the following:
cp -v /usr/portage/net-nds/openldap/files/* /usr/local/portage/net-nds/openldap/files/
ebuild /usr/local/portage/net-nds/openldap/openldap-2.3.11.ebuild digest
ebuild /usr/local/portage/net-nds/openldap/openldap-2.3.11.ebuild unpack
ebuild /usr/local/portage/net-nds/openldap/openldap-2.3.11.ebuild compile
ebuild /usr/local/portage/net-nds/openldap/openldap-2.3.11.ebuild install
cd /var/tmp/portage/openldap-2.3.11/work/openldap-2.3.11/contrib/slapd-modules/smbk5pwd
| Note: When using openldap-2.2.x, copy the contrib/slapd-modules/smbk5pwd overlay folder from the openldap-2.3.x source tree |
nano Makefile
Make some changes to the Makefile
| File: Makefile diff |
-LIBTOOL=../../../libtool
+LIBTOOL=libtool
# Omit DO_KRB5 or DO_SAMBA if you don't want to support it.
-DEFS=-DDO_KRB5 -DDO_SAMBA
+DEFS=-DDO_SAMBA
-INCS=$(LDAP_INC) $(HEIMDAL_INC) $(SSL_INC)
+INCS=$(LDAP_INC) $(SSL_INC)
-LIBS=$(LDAP_LIB) ${HEIMDAL_INC} $(SSL_LIB)
+LIBS=$(LDAP_LIB) $(SSL_LIB)
smbk5pwd.la: smbk5pwd.lo
$(LIBTOOL) --mode=link $(CC) $(OPT) -version-info 0:0:0 \
- -rpath /usr/local/libexec/openldap -module -o $@ $? $(LIBS)
+ -rpath /usr/lib/openldap/openldap -module -o $@ $? $(LIBS)
+clean:
+ rm -vr .libs *.la *.lo *.o
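Review bot: the `clean` target added at the end runs `rm -vr .libs *.la *.lo *.o` without `-f`, so it exits non-zero whenever one of those files is absent (for instance on a second `make clean`); `rm -rvf .libs *.la *.lo *.o` is the safer form. The recipe lines under `smbk5pwd.la:` and `clean:` also have to start with a literal tab, which this rendering does not preserve, so check that after editing in nano.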
|
Compile it by running make:
libtool --mode=compile gcc -g -O2 -DDO_SAMBA -I../../../include -I../../../servers/slapd -c smbk5pwd.c
mkdir .libs
gcc -g -O2 -DDO_SAMBA -I../../../include -I../../../servers/slapd -c smbk5pwd.c -fPIC -DPIC -o .libs/smbk5pwd.o
gcc -g -O2 -DDO_SAMBA -I../../../include -I../../../servers/slapd -c smbk5pwd.c -o smbk5pwd.o >/dev/null 2>&1
[...]
creating smbk5pwd.la
(cd .libs && rm -f smbk5pwd.la && ln -s ../smbk5pwd.la smbk5pwd.la)
I doubt it will compile the first time though... there might be some mistakes in the Makefile I overlooked, or it might just have to be different... When you get an error, you can always leave me a note or something.
Installation
Now we can continue with installing openldap and the smbk5pwd overlay:
cp .libs/* /usr/lib/openldap/openldap
rm -rf /usr/lib/openldap/openldap/smbk5pwd.la
cp smbk5pwd.la /usr/lib/
ln -sf /usr/lib/smbk5pwd.la /usr/lib/openldap/openldap
cd /
ebuild /usr/local/portage/net-nds/openldap/openldap-2.3.11.ebuild qmerge
Set it up
You'll need to make some adjustments to both your slapd config and your samba config.
First, shut down the LDAP daemon and dump the database to an LDIF file (slapcat, which works on the stopped database, is the tool for this):
slapcat -l ldap-2008076.ldif
If you have any problems when loading the database, clear out the /var/lib/openldap-data (or whatever you use) directory and restore your backup:
slapadd -l ldap-2008076.ldif
| File: /etc/openldap/slapd.conf |
[...]
modulepath /usr/lib/openldap/openldap
moduleload smbk5pwd.la
[...]
database ldbm
directory /var/lib/openldap-ldbm
overlay smbk5pwd
[...]
|
| File: /etc/samba/smb.conf |
ldap passwd sync = only |
| Note: If you have your PAM or NSS set to LDAP, don't let Samba sync those passwords as well; there is no need to update the password twice. |
Test it
/etc/init.d/slapd restart
/etc/init.d/samba reload
Try changing your password from a Windows client, check that it works, and check that you can log in again afterwards.
Troubleshooting
I'm not an expert, but I can try
Po0ky
