Bug 16028 - Error when using "password hash userPassword schemes = CryptSHA256 CryptSHA512" and enabling "smart card required for logon" on a user entry
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
Version: 4.24.0rc*
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
Reported: 2026-03-11 11:09 UTC by Denis Cardon
Modified: 2026-03-11 21:24 UTC
Description Denis Cardon 2026-03-11 11:09:57 UTC
Enabling "smart card required for logon" makes the account have a very long random password.

If one has enabled the "password hash userPassword schemes = CryptSHA256 CryptSHA512" option in Samba, then we get the error because crypt has a max password length limit lower than the auto-generated password.

{"timestamp": "2025-11-06T10:00:22.831585+0100", "type": "dsdbChange", "dsdbChange": {"version": {"major": 1, "minor": 0}, "statusCode": 1, "status": "Operations error", "operation": "Modify", "remoteAddress": null, "performedAsSystem": false, "userSid": "S-1-5-18", "dn": "CN=user1-smartcard,OU=Generique,OU=srp_hard,OU=users,OU=tranquilit,DC=test,DC=tranquil,DC=it", "transactionId": "47141652-c5d5-4db6-a71a-66c204c3535c", "sessionId": "940441d6-e9e2-446c-901b-f616cc76197a", "attributes": {"userAccountControl": {"actions": [{"action": "replace", "values": [{"value": "262656"}]}]}}}}

ERROR(ldb): Failed to modify user 'user1-smartcard':  - setup_primary_userPassword: generation of a CryptSHA256 password hash failed: (Password exceeds maximum length allowed for crypt() hashing)

Perhaps CryptSHA256 CryptSHA512 hash generation should be disabled for those accounts, since the user doesn't know the password, so CryptSHA256 hashes have no use.
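
The following is an added example, not part of the report and not Samba code: a small audit-log check that finds failed dsdbChange Modify events which tried to set the smart-card-required bit in userAccountControl, as in the log line quoted in the description. The sample log lines, DNs and function names are constructed for illustration; the flag values are the standard userAccountControl bits (262656 = 0x40000 + 0x200).

```python
import json

# Standard userAccountControl bits; only the ones decoded in this example.
UAC_FLAGS = {0x2: "ACCOUNTDISABLE", 0x200: "NORMAL_ACCOUNT",
             0x10000: "DONT_EXPIRE_PASSWD", 0x40000: "SMARTCARD_REQUIRED"}
SMARTCARD_REQUIRED = 0x40000

def decode_uac(value):
    """Names of the known flags set in a userAccountControl value."""
    return [name for bit, name in UAC_FLAGS.items() if value & bit]

def uac_values(change):
    """Integers written to userAccountControl by add/replace actions."""
    uac = change.get("attributes", {}).get("userAccountControl", {})
    for action in uac.get("actions", []):
        if action.get("action") in ("add", "replace"):
            for v in action.get("values", []):
                if str(v.get("value", "")).isdigit():
                    yield int(v["value"])

def failed_smartcard_changes(lines):
    """(dn, status, flags) for each failed Modify that set SMARTCARD_REQUIRED."""
    hits = []
    for line in lines:
        start = line.find("{")            # tolerate a log prefix before the JSON
        if start < 0:
            continue
        try:
            event = json.loads(line[start:])
        except json.JSONDecodeError:
            continue                      # not a JSON audit record
        change = event.get("dsdbChange")
        if not isinstance(change, dict) or change.get("operation") != "Modify":
            continue
        if change.get("statusCode") == 0:
            continue                      # 0 is success; the report shows 1
        for value in uac_values(change):
            if value & SMARTCARD_REQUIRED:
                hits.append((change.get("dn"), change.get("status"), decode_uac(value)))
    return hits

# Constructed sample lines, modelled on the record quoted in the report.
SAMPLE_LOG = [
    'audit: {"type": "dsdbChange", "dsdbChange": {"statusCode": 1, "status": "Operations error", "operation": "Modify", "dn": "CN=user1-smartcard,OU=users,DC=example,DC=test", "attributes": {"userAccountControl": {"actions": [{"action": "replace", "values": [{"value": "262656"}]}]}}}}',
    '{"type": "dsdbChange", "dsdbChange": {"statusCode": 0, "status": "Success", "operation": "Modify", "dn": "CN=user2,OU=users,DC=example,DC=test", "attributes": {"userAccountControl": {"actions": [{"action": "replace", "values": [{"value": "262656"}]}]}}}}',
    '{"type": "dsdbChange", "dsdbChange": {"statusCode": 1, "status": "Operations error", "operation": "Modify", "dn": "CN=user3,OU=users,DC=example,DC=test", "attributes": {"description": {"actions": [{"action": "replace", "values": [{"value": "x"}]}]}}}}',
    'not a json line',
]

if __name__ == "__main__":
    for dn, status, flags in failed_smartcard_changes(SAMPLE_LOG):
        print(dn, status, flags)
```

Each hit is an account where the change that would have set "smart card required for logon" returned an error, so the account's flags are worth re-checking.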