Guenther - the net_rpc_join.c code uses a level 24 to set the password when we are joining a Samba PDC. Inside smbd we don't update the password last set field from zero on level 24, only level 25. Thus the password last set is left at zero on a join and subsequent auth attempts on the machine account fail with a NT_STATUS_PASSWORD_MUST_CHANGE error.
I've reproduced this on 3.0.x but I think the same code is in 3.2 and this is a blocker bug for 3.2.0.
Created attachment 3356 [details]
Proposed patch ? I don't have your test matrix so I don't know if this is correct, but it seems to fix the problem for me.
Created attachment 3368 [details]
Fixed with supplied patch.