Samba Active Directory or OpenLDAP

The share-level password could be a viable solution, but requires some development. I’m not sure it’s worth the effort.

We already have a SMB compliant implementation with user-level authentication based on Active Directory. We provide a Samba Active Directory Domain Controller package. I don’t like to maintain different solutions which address similar requirements… :dizzy_face:

4 Likes

If I may add my $0.02…

If you want to offer a Microsoft DC-like landscape, you can’t escape it: Samba 4 is the way to go.
That said, you do have to understand that the Samba team, wanting to emulate a Microsoft domain, is facing exactly the same problem (or constraint), which is to rely on a “dedicated” LDAP server that can’t be used any more as a standard LDAP server.

What do I mean by “std LDAP server”?

The beauty of LDAP, as a protocol, is also that you can extend and customize the LDAP schema depending on your needs. You may decide to use UID as the RDN for user entries. You may decide to create different branches for different purposes…
The Samba AD LDAP schema is like AD. Not flexible. But there is no choice.

This means that if you need LDAP for something else that doesn’t natively fit with the Windows design, then, because Samba mimics Windows, it will not fit with Samba either, and the solution is to maintain another (standard) LDAP server that can be used, e.g., to deploy your mail service (unless you decide that mail is OpenXchange only :stuck_out_tongue_closed_eyes:)

A standard LDAP schema can still be updated to whatever you want. Of course, if what you want is an AD-like LDAP, then you are locked again. But if you need POSIX (RFC2307) on this LDAP server, then nothing prevents you from doing it.
Synchronizing passwords is not easy, indeed, especially if you are in the Microsoft world and want to change them from a Windows client.
One option is to deploy a customized GINA and write in a “Y” mode, or to intercept the password before it is written to the target directory.

2 Likes