diff -Nru samba-4.3.9+dfsg/debian/changelog samba-4.3.9+dfsg/debian/changelog
--- samba-4.3.9+dfsg/debian/changelog	2016-08-11 10:39:13.000000000 +0200
+++ samba-4.3.9+dfsg/debian/changelog	2016-09-04 23:17:54.000000000 +0200
@@ -1,4 +1,4 @@
-samba (2:4.3.9+dfsg-0ubuntu0.16.04.3) xenial; urgency=medium
+samba (2:4.3.9+dfsg-0ubuntu0.16.04.6) xenial; urgency=medium
 
   * debian/patches/git_smbclient_cpu.patch:
     - backport upstream patch to fix smbclient users hanging/eating cpu on
diff -Nru samba-4.3.9+dfsg/debian/patches/samba-bug11910.patch samba-4.3.9+dfsg/debian/patches/samba-bug11910.patch
--- samba-4.3.9+dfsg/debian/patches/samba-bug11910.patch	1970-01-01 01:00:00.000000000 +0100
+++ samba-4.3.9+dfsg/debian/patches/samba-bug11910.patch	2016-09-04 21:56:55.000000000 +0200
@@ -0,0 +1,71 @@
+From fd1cd381da9a0c973325c72ccfea854eec85c07b Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Wed, 18 May 2016 09:56:02 +0200
+Subject: [PATCH] s3:smbd: fix anonymous authentication if signing is mandatory
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=11910
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+
+Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
+Autobuild-Date(master): Wed May 18 15:49:46 CEST 2016 on sn-devel-144
+
+(cherry picked from commit aa5760433b219de7b41d35ca7ad6d4d702b89adf)
+---
+ source3/smbd/sesssetup.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
+index 7774b66..e00704c 100644
+--- a/source3/smbd/sesssetup.c
++++ b/source3/smbd/sesssetup.c
+@@ -135,6 +135,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
+ 	struct smbXsrv_connection *xconn = req->xconn;
+ 	struct smbd_server_connection *sconn = req->sconn;
+ 	uint16_t action = 0;
++	bool is_authenticated = false;
+ 	NTTIME now = timeval_to_nttime(&req->request_time);
+ 	struct smbXsrv_session *session = NULL;
+ 	uint16_t smb_bufsize = SVAL(req->vwv+2, 0);
+@@ -328,12 +329,13 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
+ 		sconn->num_users++;
+ 
+ 		if (security_session_user_level(session_info, NULL) >= SECURITY_USER) {
++			is_authenticated = true;
+ 			session->compat->homes_snum =
+ 				register_homes_share(session_info->unix_info->unix_name);
+ 		}
+ 
+ 		if (srv_is_signing_negotiated(xconn) &&
+-		    action == 0 &&
++		    is_authenticated &&
+ 		    session->global->signing_key.length > 0)
+ 		{
+ 			/*
+@@ -593,6 +595,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
+ 	struct auth_session_info *session_info = NULL;
+ 	uint16_t smb_flag2 = req->flags2;
+ 	uint16_t action = 0;
++	bool is_authenticated = false;
+ 	NTTIME now = timeval_to_nttime(&req->request_time);
+ 	struct smbXsrv_session *session = NULL;
+ 	NTSTATUS nt_status;
+@@ -1030,12 +1033,13 @@ void reply_sesssetup_and_X(struct smb_request *req)
+ 	sconn->num_users++;
+ 
+ 	if (security_session_user_level(session_info, NULL) >= SECURITY_USER) {
++		is_authenticated = true;
+ 		session->compat->homes_snum =
+ 			register_homes_share(session_info->unix_info->unix_name);
+ 	}
+ 
+ 	if (srv_is_signing_negotiated(xconn) &&
+-	    action == 0 &&
++	    is_authenticated &&
+ 	    session->global->signing_key.length > 0)
+ 	{
+ 		/*
+-- 
+1.9.1
+
diff -Nru samba-4.3.9+dfsg/debian/patches/series samba-4.3.9+dfsg/debian/patches/series
--- samba-4.3.9+dfsg/debian/patches/series	2016-08-10 11:12:51.000000000 +0200
+++ samba-4.3.9+dfsg/debian/patches/series	2016-09-04 23:18:45.000000000 +0200
@@ -16,6 +16,7 @@
 disable-socketwrapper.diff
 krb_zero_cursor.patch
 winbind_trusted_domains.patch
+samba-bug11910.patch
 samba-bug11912.patch
 samba-bug11914.patch