[Samba] User must change password at next login (after ADUC reset)

[mathias dufresne]

Hi all,

Samba 4.3.0 rc4 as AD, two DC in that domain. Very small database. smb.conf
is the same as after "samba-tool domain provision".

Today I tried to reset some standard user password using ADUC and checked
the box "User must change its password at next login" (sorry for not
copying it from Windows gui, I have no Windows client speaking English
here).

First the good thing: it worked well, password was set with new value,
pwdLastSet was set to "0" in AD object, user can use this new password when
login on Windows or SSH and user was asked to change its password.

Next the bad thing: on Windows 7 client I was not able to set up a new
password.

At first login try, a message is displayed telling this user must change
its password. This message comes with two buttons: OK and Cancel.
Clicking on OK just throw me to previous page, the login page, with my
account name and password (displayed as little round) already there.

On this login page I have to re-type my password, if I don't the message is
something like "bad password" (sorry, still no English Windows).
Once this is done, retrying to login gives me:
"No server available to treat your new session request".

Using SSH I'm able to set up a new working password for that user.

Any idea regarding what could be the cause of such an issue?

The Windows7 I use are tweaked to suit this company needs and I have no
idea about these tweak.
Next days I'll try to set up an English Windows without tweaks. To have
English errors and to have a blank Windows to perform tests on. If this
changes anything, I'll come back.

Thanks and regards,

mathias