Permit user to change expired password

[Mark Foley]

I don't think this is a bug per se as Ubuntu probably does not officially
support this setup, so I'll start with the developers list. Redirect me if there
is a more appropriate place to post this ...

I am using Ubuntu 15.10 as a Active Directory member host (i.e. client
workstation) using Samba 4.1.17 on Ubunutu to the AD/DC controller running Samba
4.1.23.  The Ubuntu workstation uses the user.py module of samba-tool to manage
passwords and I have a menu desktop config that lets me change the domain
password.  All that works fine. 

The big problem is when the user's password expires. On the LightDM greeter
login box I do get a "Password Expired" message, but no opportunity to change it
(Windows forces the user to a 'change password' dialog). If I try to log in
anyway, I can't, and the system goes a bit nuts.

Trying to log in remotely via ssh no longer works.  Port 22 is still open, but
the connection times out.  I can login via LightDM greeter as a local (not AD)
user, but it takes a long time (I tried logging in, got a blank greeter
background, waited a very long time, gave up but left it as-is, came back the
next day and noticed I was logged in).  Once logged in I tried `su` and `ssh` -
got the password, but it hung there for 6 minutes before I got the shell prompt
(su).  I tried running `top` to see what was going on, but again, many minute
delay. When if finally did run I see that windbindd is eating 99.7-100% of CPU
cycles. I'll worry about the windbindd issue later ...

What I'd like to see is, if a password is expired, the user gets a dialog that
requests a password change.  I have such a dialog (from Samba), but I need it to
be displayed when there is an expired password.  I'd be happy to work on this
myself, but I need some direction.  What program(s) have to do with logging in?

Assistance would be appreciated as I am trying to move our office way from
Windows to Ununtu workstations, which I think could certainly be a wave of the
future.

Thx -- Mark