diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index b3bbaa4..25e4034 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -1151,7 +1151,7 @@ static NTSTATUS ntlm_auth_start_ntlmssp_server(TALLOC_CTX *mem_ctx,
 *******************************************************************/
 
 static NTSTATUS do_ccache_ntlm_auth(DATA_BLOB initial_msg, DATA_BLOB challenge_msg,
-				DATA_BLOB *reply)
+				DATA_BLOB *reply, DATA_BLOB *session_key)
 {
 	struct winbindd_request wb_request;
 	struct winbindd_response wb_response;
@@ -1211,9 +1211,18 @@ static NTSTATUS do_ccache_ntlm_auth(DATA_BLOB initial_msg, DATA_BLOB challenge_m
 			return NT_STATUS_NO_MEMORY;
 		}
 	}
-
+	if (session_key) {
+		*session_key = data_blob(wb_response.data.ccache_ntlm_auth.session_key,
+					 sizeof(wb_response.data.ccache_ntlm_auth.session_key));
+		if (session_key->data == NULL) {
+			if (reply)
+				data_blob_free(reply);
+			winbindd_free_response(&wb_response);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
 	winbindd_free_response(&wb_response);
-	return NT_STATUS_MORE_PROCESSING_REQUIRED;
+	return NT_STATUS_OK;
 }
 
 static void manage_client_ntlmssp_request(enum stdio_helper_mode stdio_helper_mode,
@@ -1271,8 +1280,8 @@ static void manage_client_ntlmssp_request(enum stdio_helper_mode stdio_helper_mo
 		/* check whether cached credentials are usable. */
 		DATA_BLOB empty_blob = data_blob_null;
 
-		nt_status = do_ccache_ntlm_auth(empty_blob, empty_blob, NULL);
-		if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+		nt_status = do_ccache_ntlm_auth(empty_blob, empty_blob, NULL, NULL);
+		if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_OK)) {
 			/* failed to use cached creds */
 			use_cached_creds = False;
 		}
@@ -1344,10 +1353,23 @@ static void manage_client_ntlmssp_request(enum stdio_helper_mode stdio_helper_mo
 	if (use_cached_creds && !opt_password &&
 			(state->cli_state == CLIENT_RESPONSE)) {
 		nt_status = do_ccache_ntlm_auth(state->initial_message, request,
-				&reply);
+						&reply, &state->session_key);
+		if (NT_STATUS_IS_OK(nt_status)) {
+			state->have_session_key = true;
+		}
 	} else {
 		nt_status = ntlmssp_update(state->ntlmssp_state, request,
 				&reply);
+		if (NT_STATUS_IS_OK(nt_status)) {
+			if(state->have_session_key)
+				data_blob_free(&state->session_key);
+
+			state->session_key = data_blob(
+					state->ntlmssp_state->session_key.data,
+					state->ntlmssp_state->session_key.length);
+			state->neg_flags = state->ntlmssp_state->neg_flags;
+			state->have_session_key = true;
+		}
 	}
 
 	if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
@@ -1369,15 +1391,6 @@ static void manage_client_ntlmssp_request(enum stdio_helper_mode stdio_helper_mo
 		x_fprintf(x_stdout, "AF %s\n", reply_base64);
 		TALLOC_FREE(reply_base64);
 
-		if(state->have_session_key)
-			data_blob_free(&state->session_key);
-
-		state->session_key = data_blob(
-				state->ntlmssp_state->session_key.data,
-				state->ntlmssp_state->session_key.length);
-		state->neg_flags = state->ntlmssp_state->neg_flags;
-		state->have_session_key = true;
-
 		DEBUG(10, ("NTLMSSP OK!\n"));
 		state->cli_state = CLIENT_FINISHED;
 		TALLOC_FREE(state->ntlmssp_state);