The Samba-Bugzilla – Bug 12159
MS KB3167679 breaks password changing on Win7 joined in NT style domain (samba 3.6.23)
Last modified: 2016-11-22 08:02:31 UTC
Since https://support.microsoft.com/en-us/kb/3167679 was recently applied, users trying to change their password on Windows 7 that is joined to a samba 3.6.23 domain get the error:
"The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you."
Any ideas what could be done to circumvent this, or is it all up to KB3167679 not to fall back to NTLM auth:
"Known issues in this security update
This security update disables the ability of the Negotiate process to fall back to NTLM when Kerberos authentication fails for password change operations."
The only way to fix this was to uninstall and hide KB3167679.
It's confirmed: https://lists.samba.org/archive/samba/2016-August/202150.html
Big surprise: changing password from Win7 with Ctrl-Alt-Del > Change Password is working again! I guess MS changed something in recent updates...