1 files changed, 7 insertions, 2 deletions

diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index e535f17e49..c81baa53dc 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -169,6 +169,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
 	char *real_username;
 	bool username_was_mapped = false;
 	bool map_domainuser_to_guest = false;
+	bool guest = false;
 
 	if (!spnego_parse_krb5_wrap(talloc_tos(), *secblob, &ticket, tok_id)) {
 		status = NT_STATUS_LOGON_FAILURE;
@@ -232,6 +233,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
 		*out_session_flags |= SMB2_SESSION_FLAG_IS_NULL;
 		/* force no signing */
 		session->do_signing = false;
+		guest = true;
 	}
 
 	session->session_key = session->session_info->session_key;
@@ -267,7 +269,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
 	 * so that the response can be signed
 	 */
 	smb2req->session = session;
-	if (session->do_signing) {
+	if (guest) {
 		smb2req->do_signing = true;
 	}
 
@@ -429,6 +431,8 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
 					uint16_t *out_session_flags,
 					uint64_t *out_session_id)
 {
+	bool guest = false;
+
 	if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||
 	    lp_server_signing() == Required) {
 		session->do_signing = true;
@@ -440,6 +444,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
 		*out_session_flags |= SMB2_SESSION_FLAG_IS_NULL;
 		/* force no signing */
 		session->do_signing = false;
+		guest = true;
 	}
 
 	session->session_key = session->session_info->session_key;
@@ -479,7 +484,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
 	 * so that the response can be signed
 	 */
 	smb2req->session = session;
-	if (session->do_signing) {
+	if (!guest) {
 		smb2req->do_signing = true;
 	}