net_use_krb_machine_account() uses cli_credentials_set_machine_account(), which only tries a local tdb... It should use secrets_db_ctx(); and cli_credentials_set_machine_account_db_ctx() instead...
Symptoms are: # net ads testjoin gensec_gse_client_prepare_ccache: Kinit for CTDB$@TEMP.TEST to access ldap/dc6.temp.test failed: Preauthentication failed: NT_STATUS_LOGON_FAILURE ads_startup_int: ads_connect_creds: Invalid credentials Join to domain is not valid: LDAP_INVALID_CREDENTIALS
Is this related to a bug I've seen where my original join fails, but "net ads testjoin" declares the join to be OK? I've been meaning to look into it...
This bug was referenced in samba master: 690c800c33df4d06d409b9ccfa57e5fa575ab1aa ab3fc1595c0a2e0aa3719cc2fe4684e9a0a2f9d8 f9ee4db2ba74e4f1f1b6d6f32082e5b0fe60f9b9
*** Bug 15728 has been marked as a duplicate of this bug. ***
Created attachment 18450 [details] Patches for v4-21-test
Comment on attachment 18450 [details] Patches for v4-21-test lgtm
reassign to Jule for inclusion with 4.21
Pushed to autobuild-v4-21-test.
This bug was referenced in samba v4-21-test: 52772aed8b48543de715ac546ca8571ab492eb9e d583d40ca328db2a6b8af05bfdc79f766d9955de 4bec0a7fd109370fbfb6daca85fd293b0f430b8a
Closing out bug report. Thanks!