usrmgr, which creating a new user ticking "user must change password on next logon" doesn't take effect, the administrator has to go into the user properties of the newly created user to tick the box. I'm using an LDAP backend. Its probably advisable to use different back-ends. Also an issue on 3.2(and possibly 3.0)
As a start I tested with 3-4-test and tdbsam and it worked. Need to look at other branches and backends still.
Ok, the fix for this (in 3-4-test) is: http://git.samba.org/?p=samba.git;a=commitdiff;h=842edcd2b08763a35dbdea3518fcc039aa70aad4
Created attachment 4048 [details] backport to 3-3-test This does it for me in 3-3-test
tested the 3-3-test patch with ldapsam successfully as well.
Closing, as the (tested) backport patch has been pushed to 3-3-test and will be in next releases. The remaining problem is the use of the smbk5pwd OpenLDAP overlay when used with ldapsam. The smbk5pwd is not part of Samba.