diff --git a/libcli/auth/ntlm_check.c b/libcli/auth/ntlm_check.c
index cb4be7f6507c..3927dfa78366 100644
--- a/libcli/auth/ntlm_check.c
+++ b/libcli/auth/ntlm_check.c
@@ -259,12 +259,19 @@ static bool smb_sess_key_ntlmv2(TALLOC_CTX *mem_ctx,
 
 NTSTATUS hash_password_check(TALLOC_CTX *mem_ctx,
 			     bool lanman_auth,
+			     enum ntlm_auth_level ntlm_auth,
 			     const struct samr_Password *client_lanman,
 			     const struct samr_Password *client_nt,
 			     const char *username, 
 			     const struct samr_Password *stored_lanman, 
 			     const struct samr_Password *stored_nt)
 {
+	if (ntlm_auth == NTLM_AUTH_DISABLED) {
+		DBG_WARNING("hash_password_check: NTLM authentication not "
+			    "permitted by configuration.\n");
+		return NT_STATUS_NTLM_BLOCKED;
+	}
+
 	if (stored_nt == NULL) {
 		DEBUG(3,("hash_password_check: NO NT password stored for user %s.\n",
 			 username));
@@ -387,6 +394,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 		}
 		return hash_password_check(mem_ctx, 
 					   lanman_auth,
+					   ntlm_auth,
 					   lm_ok ? &client_lm : NULL, 
 					   nt_response->length ? &client_nt : NULL, 
 					   username,  
diff --git a/libcli/auth/ntlm_check.h b/libcli/auth/ntlm_check.h
index 86cab9b2d13a..3fcd1f4ccbbe 100644
--- a/libcli/auth/ntlm_check.h
+++ b/libcli/auth/ntlm_check.h
@@ -45,6 +45,7 @@ struct samr_Password;
 
 NTSTATUS hash_password_check(TALLOC_CTX *mem_ctx,
 				 bool lanman_auth,
+			     enum ntlm_auth_level ntlm_auth,
 			     const struct samr_Password *client_lanman,
 			     const struct samr_Password *client_nt,
 			     const char *username, 
diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c
index 1b346b438706..30125809563c 100644
--- a/source3/auth/check_samsec.c
+++ b/source3/auth/check_samsec.c
@@ -73,6 +73,7 @@ static NTSTATUS sam_password_ok(TALLOC_CTX *mem_ctx,
 	switch (user_info->password_state) {
 	case AUTH_PASSWORD_HASH:
 		status = hash_password_check(mem_ctx, lp_lanman_auth(),
+					     lp_ntlm_auth(),
 					     user_info->password.hash.lanman,
 					     user_info->password.hash.nt,
 					     username,
diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
index 3e2cf16b9e4e..b46b1da82139 100644
--- a/source4/auth/ntlm/auth_sam.c
+++ b/source4/auth/ntlm/auth_sam.c
@@ -125,6 +125,7 @@ static NTSTATUS authsam_password_ok(struct auth4_context *auth_context,
 		*user_sess_key = data_blob(NULL, 0);
 		status = hash_password_check(mem_ctx, 
 					     false,
+					     lpcfg_ntlm_auth(auth_context->lp_ctx),
 					     NULL,
 					     user_info->password.hash.nt,
 					     user_info->mapped.account_name,