I have OpenLDAP 2.4.12 and Samba 3.5.1 installed. When I try to change the password with smbpasswd, it changes the Windows password fine. But userPassword is not updated in LDAP. The error message is: "smbldap_check_root_dse: Expected one rootDSE, got 0" when I run smbpasswd -D 10 <username>.

I added the following to slapd.conf:

access to dn.base=""
by * read
password-hash {md5}

in hopes of allowing samba to read the root DSE, even though Samba is configured with the root DN.

Any ideas on how to make samba find what it needs in the root DSE of my LDAP server?

Did you add the following parameter to your samba configuration?

By the way, it is easier for us to help you, when you post your configuration here as well.

Unfortunately it is not easy for me to post the configs because they are on an internal testing network with no Internet connection. I do have ldap passwd sync = yes in smb.conf which makes samba try to update userPassword in LDAP. But I get the above message "smbldap_check_root_dse: Expected one rootDSE, got 0". This worked with older versions of OpenLDAP and Samba, so I was wondering if there is some configuration change I need to make to OpenLDAP to get Samba to update the userPassword LDAP attribute.

As said before, to be of any help we need the configuration files. Your problem can be caused by many things or even combinations of things. We can guess, but I think you have more chances to win in a casino.

Just in case this helps other people, it was a config issue with PAM. I forgot to configure /etc/pam.d/samba to use LDAP.