source of samba-3.4.0pre2:
there is a check
(policy->expire == -1)
that can never be satified since
policy is wbcUserPasswordPolicyInfo and
expire is defined in nsswitch/libwbclient/wbclient.h as uint64_t.
Since an expiry of "never" is translated to the biggest number
I think the test should be something like
(policy->expire + 1 == 0)
The same bug appears in samba 3.3.x where the check was
(policy->expire <= 0) and prevents logins
in particular configurations with security = ADS.
This is a duplicate, just for 3.4 (bug #6253 is for 3.3)
*** This bug has been marked as a duplicate of bug 6253 ***