The underlying Win32 function which implements this routine, LogonUser, requires SE_TCB_NAME privilege. (TCB is an acronym for Trusted Computer Base) In the UserManager application, this privilege is called Act as part of the operating system.
For _NutValidatePassword to succeed, a user must have the SE_TCB_NAME privilege in the domain that he is querying. The errno setting of 13 is a translation of the Win32 error, ERROR_PRIVILEGE_NOT_HELD.
This is a security feature. Without this control, it would be much simpler for a malicious user to mount dictionary attacks against your system. To get the _NuTValidatePassword function to work, you need to assign the SE_TCB_NAME privilege to users or groups that need to have it. | 
