User is able to login to shared volume with original Shadow Password

I have my server box running couple shares and I have 4 users in the Local domain, I do not have OD running.

When I first created the users all of them had a default password "password". When over time I needed these users to have different passwords they created the new passwords and everything works well. BUT when they use the OLD password "password" they are able to login to the share volumes as well as with the newly created password.

Its if like the original password got stuck to that user.

Is there a way to make the user "forget" the original password? This is truly a major glitch on Apple's side.

The funny thing is that if I change the new password "second" to a "third" password, the "second" password stops working and the "third" takes over.

Any ideas?

If this is confusing I'll detail it better here:

User1 :: Original pass <password>
User1 :: Changes pass to <password2>
User1 :: Changes pass to <password3>

Original password always allows the user to login to any shares the user can login to, password2 AND original password work simultaneously when changed the first time, password3 makes password2 not work anymore when changed and then only password3 AND original password work simultaneously.

TIA!!!