in some AD environment the user used to join a machine may only have right to create or delete objects but not modify. The net join code though recently wants to set the supported encryption typed after joining the account, which may fail then. The better approach is to create the machine account with all the intended attributes with one shot. Patch from metze will follow.
Created attachment 11872 [details]
patch from master
Karolin, please add to 4.4 (at least)
4.3 also need that fix.
Pushed to autobuild-v4-[3|4]-test.
(In reply to Karolin Seeger from comment #4)
We need a follow up fix that takes care of the case, where
we the admin doesn't provide a ou.
Created attachment 11920 [details]
Additional patches for v4-4-test
Created attachment 11921 [details]
Additional patches for v4-3-test
Karolin, please add to 4-4 and 4-3. Thanks!
Pushed to v4-4-test and autobuild-v4-3-test.
Pushed to both branches.
Closing out bug report.