The remote FreeBSD host is missing one or more security-related updates.
Samba project reports : In Samba's SAMR server we neglect to ensure that attempted password changes will update the bad password count, nor set the lockout flags. This would allow a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly. This is available without any other authentication. smbcacls can remove a file or directory ACL by mistake.