The windows DPAPI fails after repeated user password change on Windows 7. According to this bug report for UCS: https://forge.univention.org/bugzilla/show_bug.cgi?id=35287 It is caused by the RSA modulus not being set to 2048 bits. Samba developer Andrew Bartlett commented on the samba mailing list here: https://lists.samba.org/archive/samba/2014-November/187161.html That a patch would require a reviewer and testing to ensure against regressions. This bug has been created to track when mainline samba implements a fix.
The patches have been tidied up and are proposed for master and 4.2 in bug #11097
*** This bug has been marked as a duplicate of bug 11097 ***