diff --git a/source/libsmb/cliconnect.c b/source/libsmb/cliconnect.c
index 3e076b2..7df4c8e 100644
--- a/source/libsmb/cliconnect.c
+++ b/source/libsmb/cliconnect.c
@@ -516,6 +516,32 @@ static DATA_BLOB cli_session_setup_blob_receive(struct cli_state *cli)
 p += clistr_pull(cli, cli->server_os, p, sizeof(fstring), -1, STR_TERMINATE);
 /* w2k with kerberos doesn't properly null terminate this field */
+ len = smb_bufrem(cli->inbuf, p);
+ if (p + len < cli->inbuf + cli->bufsize+SAFETY_MARGIN - 2) {
+ char *end_of_buf = p + len;
+
+ SSVAL(p, len, 0);
+ /* Now it's null terminated. */
+ p += clistr_pull(cli, cli->server_type, p, sizeof(fstring),
+ -1, STR_TERMINATE);
+ /*
+ * See if there's another string. If so it's the
+ * server domain (part of the 'standard' Samba
+ * server signature).
+ */
+ if (p < end_of_buf) {
+ p += clistr_pull(cli, cli->server_domain, p, sizeof(fstring),
+ -1, STR_TERMINATE);
+ }
+ } else {
+ /*
+ * No room to null terminate so we can't see if there
+ * is another string (server_domain) afterwards.
+ */
+ p += clistr_pull(cli, cli->server_type, p, sizeof(fstring),
+ len, 0);
+ }
+
 len = smb_buflen(cli->inbuf) - PTR_DIFF(p, smb_buf(cli->inbuf));
 p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), len, 0);
@@ -772,7 +798,9 @@ static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *use
 DATA_BLOB null_blob = data_blob_null;
 bool res;
- fstrcpy(cli->server_domain, ntlmssp_state->server_domain);
+ if (cli->server_domain[0] == '\0') {
+ fstrcpy(cli->server_domain, ntlmssp_state->server_domain);
+ }
 cli_set_session_key(cli, ntlmssp_state->session_key);
 res = cli_simple_set_signing(cli, key, null_blob);
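Review bot: The two context lines that close the first hunk, `len = smb_buflen(cli->inbuf) - PTR_DIFF(p, smb_buf(cli->inbuf));` and `p += clistr_pull(cli, cli->server_type, p, sizeof(fstring), len, 0);`, still execute after the new if/else on the new side, so server_type is pulled a second time from whatever follows the strings the new block already consumed — normally nothing, which would likely leave server_type empty after the block just filled it. After the STR_TERMINATE pull consumes the terminator written by `SSVAL(p, len, 0)`, p can also sit one or two bytes past end_of_buf, and the recomputed len then goes negative or wraps depending on how len is declared (its declaration is outside the hunk). Unless a later hunk removes them, I would delete both retained lines so the new block is the only place server_type and server_domain are set, with a comment such as `/* server_type/server_domain are fully parsed above; nothing trails them. */`. cli_session_setup_blob_receive begins and ends outside the hunk.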
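Review bot: The new guard in the second hunk turns the NTLMSSP-supplied domain into a fallback for whatever cli->server_domain already holds, which only matches the intent if the field is empty when session setup starts; on a reused cli_state a value left over from an earlier connection would now win over the fresh ntlmssp_state->server_domain. Either clear the field at the start of the setup path or state the precedence explicitly, e.g. `/* Prefer the domain parsed from the session-setup reply; NTLMSSP's value is only a fallback. */`. It also appears that the reply string is parsed before signing is enabled on the following lines, so documenting which of the two sources callers should treat as authoritative would help. cli_session_setup_ntlmssp begins before the hunk.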