s4:auth_sam: use USER_INFO_INTERACTIVE_LOGON as inducation for an interactive logon

Using != AUTH_PASSWORD_RESPONSE is not the correct indication
due to the local mappings from AUTH_PASSWORD_PLAIN via
AUTH_PASSWORD_HASH to AUTH_PASSWORD_RESPONSE.

It means an LDAP simble bind will now honour
'old password allowed period'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15001

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 2ad4468622)

selftest/knownfail.d/samba4.ldap.login_basics

@@ -1 +0,0 @@
-^samba4.ldap.login_basics.python.*.__main__.BasicUserAuthTests.test_login_basics_simple

source4/auth/ntlm/auth_sam.c

@@ -410,10 +410,11 @@ static NTSTATUS authsam_password_check_and_record(struct auth4_context *auth_con
 			return NT_STATUS_WRONG_PASSWORD;
 		}
 
-		if (user_info->password_state != AUTH_PASSWORD_RESPONSE) {
+		if (user_info->flags & USER_INFO_INTERACTIVE_LOGON) {
 			/*
 			 * The authentication was OK against the previous password,
-			 * but it's not a NTLM network authentication.
+			 * but it's not a NTLM network authentication,
+			 * LDAP simple bind or something similar.
 			 *
 			 * We just return the original wrong password.
 			 * This skips the update of the bad pwd count,