We have a few Macs in our office which are bound to our Active Directory (Server 2k8R2) domain for login authentication and access to file shares. For the most part this has worked without trouble.
I recently changed my AD password (from the Windows box that is my main desktop machine), and my iMac still wants my old password for logins—even after a reboot. It correctly prompts for the new password when I attempt to connect to Windows SMB file shares.
The last time I changed my password, the iMac was running Snow Leopard and picked up the password change as expected.
I'm a little bit of an OS X n00b, so I apologize if this should be obvious. My searching has turned up numerous issues people have had with Lion and Active Directory, but not this particular problem.
Possibly related, we do have mobile accounts enabled for AD in the Directory Utility options. I assume this causes credentials to be cached locally, but it's not clear to me how to get them to update.
EDIT: I tried disabling mobile accounts for AD, but alas, no change. I'm still authenticating with my old password.
How long has the Mac been bound to your AD environment? If it's been a while, and by a while I mean the time it takes for your AD computer objects to negotiate the password change of the computer object. I think on OS X the default is 14 days.
Set how often the computer trust account password should be changed
I remember this causing some problems for us.
I tried both setting the interval to zero and setting a preferred domain controller, neither of which seemed to have any effect. I also (each time) deleted the "login" keychain and any reference to ActiveDirectory under the "System" keychain. And lots of rebooting. Nada.
Unbinding and rebinding was the only way I could get the login password to take, and it took as soon as I sent my credentials to rebind--in the middle of the session as that user (I was doing this on my own box because I could test different methods with impunity).
I would love to have a less intrusive solution (especially one I could manage via a terminal over ssh), but this is what I have for now.
As I mentioned in the comment on Ryan's very helpful answer, the problem was finally solved by setting a preferred domain controller. This can be done via the Directory Utility UI (in advanced settings), or via the command line:
Possibly a Lion problem, possibly a domain problem. In any case, I'm leaving this answer in the hope it will help someone else.
The other solution that has worked for me is to unbind the computer from the domain, then rebind it. You may end up with a legacy computer record in the AD Users and Computer DB, but this does seem to resolve the disconnect.
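A way to check the settings this thread turns on (preferred domain controller, computer account password interval, mobile accounts) before resorting to a rebind. This is an added example, not code from any of the posts above. It assumes `dsconfigad -show` labels its fields as in the constructed sample; `ad_field`, `ad_report`, `example.com`, `imac01` and `dc01.example.com` are made-up names.

```shell
#!/bin/sh
# Constructed sample of `dsconfigad -show` output (not captured from a real host).
SAMPLE_SHOW='Active Directory Forest          = example.com
Active Directory Domain          = example.com
Computer Account                 = imac01$

Advanced Options - User Experience
  Create mobile account at login = Enabled

Advanced Options - Administrative
  Preferred Domain controller    = (not set)
  Password change interval       = 14'

# ad_field LABEL: print the value for LABEL from `dsconfigad -show` text on stdin.
# Exits non-zero when the label is absent, so callers can tell "missing" from "empty".
ad_field() {
    awk -F' = ' -v want="$1" '
        { key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
        tolower(key) == tolower(want) { print $2; found = 1; exit }
        END { if (!found) exit 1 }'
}

# ad_report: summarise the three settings; succeeds only if a preferred DC is pinned.
ad_report() {
    show=$(cat)
    dc=$(printf '%s\n' "$show" | ad_field 'Preferred Domain controller') || dc='unknown'
    days=$(printf '%s\n' "$show" | ad_field 'Password change interval') || days='unknown'
    mobile=$(printf '%s\n' "$show" | ad_field 'Create mobile account at login') || mobile='unknown'
    printf 'preferred_dc=%s\npass_interval_days=%s\nmobile_accounts=%s\n' "$dc" "$days" "$mobile"
    [ "$dc" != '(not set)' ] && [ "$dc" != 'unknown' ]
}

# On a bound Mac read the live settings; elsewhere fall back to the constructed sample.
if command -v dsconfigad >/dev/null 2>&1; then
    dsconfigad -show | ad_report || echo 'No preferred domain controller is pinned.'
else
    printf '%s\n' "$SAMPLE_SHOW" | ad_report || echo 'No preferred domain controller is pinned.'
fi

# Changing the values needs root on the Mac; dc01.example.com is a placeholder:
#   sudo dsconfigad -preferred dc01.example.com
#   sudo dsconfigad -passinterval 14
```

Because it only reads text, the same functions work over ssh: pipe `ssh host dsconfigad -show` into `ad_report`.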