This is a regression, With < samba-4.21 after a successful 'net ads leave' samba < 4.21 tw2024:~ # net --version Version 4.20.4-git.356.d4a5fa2a818SUSE-oS16.9-x86_64 tw2024:~ # net ads testjoin Join to domain is not valid: NT code 0xfffffff6 samba 4.21 tw2024:~/4-21-samba # ./bin/net --version Version 4.21.0 tw2024:~/4-21-samba # ./bin/net ads testjoin Join is OK even though there is no local machine account in this instance 'net' falls back to Anonymous authentication and manages to set up a connection to the ads in the older versions there was an override which would manually use the machine name as user (and a null password) in the same scenario. The ads connection has been rewritten and afaic we can no longer pass those credentials via struct net_context e.g. (in samba 4.20) see net_use_krb_machine_account seems to me we can detect this situation early and instead of even trying to call ads_startup (which would fail due to lack of machine password) in the old case just exit early with the same error
*** This bug has been marked as a duplicate of bug 15714 ***