diff -ruN samba-3.5.3.a/source3/auth/auth_sam.c samba-3.5.3.b/source3/auth/auth_sam.c
--- samba-3.5.3.a/source3/auth/auth_sam.c	2010-05-17 13:51:23.000000000 +0200
+++ samba-3.5.3.b/source3/auth/auth_sam.c	2010-05-21 13:40:37.437251107 +0200
@@ -78,6 +78,9 @@
 	}
 
 	if (client_lm_hash || client_nt_hash) {
+		if (!nt_pw) {
+			return NT_STATUS_WRONG_PASSWORD;
+		}
 		*user_sess_key = data_blob_talloc(mem_ctx, NULL, 16);
 		if (!user_sess_key->data) {
 			return NT_STATUS_NO_MEMORY;