pam_group not working at all

Fixed in 0.9.8

This bug was fixed in the package lightdm - 1.0.0-0ubuntu1

---------------
lightdm (1.0.0-0ubuntu1) oneiric; urgency=low

  [ Steve Langasek ]
  * don't start on graphics-device-added; reintroducing this reverted the fix
    for bug #615549 from maverick without explanation.
  * clean up the completely illegible start rule for debian/lightdm.upstart,
    killing off the unnecessary parentheses
  * debian/lightdm.upstart: when lightdm is shut down by a runlevel call,
    emit an upstart event that can be caught by plymouth so it can
    distinguish between the DM shutting down for a runlevel change vs. other
    causes. LP: #854329.

  [ Robert Ancell ]
  * New upstream release.
    [ 0.9.8 ]
    - GetSeatForCookie and GetSessionForCookie are now deprecated. They
      remain for now but use the XDG_SEAT_PATH and XDG_SESSION_PATH
      environment variables instead.
    - Change log filenames to be unique across different display types.
    - Fix up script hooks, add regression tests for them
    - Complete removal of X code from the core of LightDM, so it can better
      support various display types
    - Add ability to set the language of a user from the greeter (LP: #803858)
    - Set LANG variable based on the user language
    - Add language selector into GTK greeter (disabled by default)
    - Allow TCP/IP connections if xserver-allow-tcp is true
    - Allow lightdm --version to be run as non-root
    - Automatically respond to PAM messages without prompts (LP: #783598)
    - Create 'AddLocalXSeat' D-Bus method, and require root to use 'AddSeat'
    - Fix multi-seat configuration picking the same display number (LP: #851362)
    - Use correct D-Bus and power interface in liblightdm-qt (LP: #852803)
    - Run pam_setcred inside the session process so pam_group works
      (LP: #851347)
    - Make sure one session is always selected in the GTK greeter (LP: #819177)
    [ 1.0.0 ]
    - Explicitly grab keyboard focus in GTK greeter
    - Fix removed power and a11y menu items in GTK greeter
    - Put system binary directory into path when running in test mode
      (LP: #860003)
    - Call pam_getenvlist after pam_setcred

  [ Lionel Le Folgoc ]
  * Make the gtk greeter easily themable by derivatives: (LP: #845549)
    - rename lightdm-gtk-greeter.conf to lightdm-gtk-greeter-ubuntu.conf,
      and handle the move in maintainer scripts.
    - manage /etc/lightdm/lightdm-gtk-greeter.conf with update-alternatives,
      by default it uses /etc/lightdm/lightdm-gtk-greeter-ubuntu.conf with a
      very low priority.
  * debian/control: lightdm-gtk-greeter provides lightdm-gtk-greeter-config.
 -- Robert Ancell <email address hidden> Wed, 28 Sep 2011 16:00:20 +1000

With regard to Bug #856269 , which is marked as duplicate of this one, I have found that when the password of a domain user is expired, lightdm still does not present the correct steps to change the password.
Here is what happens (lightdm messages are inside ""):

1 - "" --> ******** (first enter expired password);
2 - "(current) NT password" --> ******** (expired password)
3 - "Retype new NT password" --> ******** (new password)
4 - "Invalid password, please try again"

There is a step missing between 2 and 3, and it should be "Enter new NT password".
Also lightdm should display, before step 2, a message saying that the password is expired and need to be changed.

Using su in a text console to login, the correct password changing dialog is presented:

renzo@vmo-amb20:~$ su rbag
Password:
You need to change your password now
Changing password for rbag
(current) NT password:
Enter new NT password:
Retype new NT password:
rbag@vmo-amb20:/home/renzo$

Should I report a new bug?