diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c
index c6220eae4..9ca03650f 100644
--- a/kdc/kerberos5.c
+++ b/kdc/kerberos5.c
@@ -808,6 +808,7 @@ check_addresses(krb5_context context,
 krb5_error_code ret;
 krb5_address addr;
 krb5_boolean result;
+ krb5_boolean only_netbios = TRUE;
 int i;
 
 if(config->check_ticket_addresses == 0)
@@ -816,6 +817,21 @@ check_addresses(krb5_context context,
 if(addresses == NULL)
 return config->allow_null_ticket_addresses;
 
+ for (i = 0; i < addresses->len; ++i) {
+ if (addresses->val[i].addr_type != KRB5_ADDRESS_NETBIOS) {
+ only_netbios = FALSE;
+ }
+ }
+
+ /* Windows sends it's netbios name, which I can only assume is
+ * used for the 'allowed workstations' check. This is painful,
+ * but we still want to check IP addresses if they happen to be
+ * present.
+ */
+
+ if(only_netbios)
+ return config->allow_null_ticket_addresses;
+
 ret = krb5_sockaddr2address (context, from, &addr);
 if(ret)
 return FALSE;
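Review bot: In the second hunk, `only_netbios` starts as TRUE and is cleared only inside the loop, so a non-NULL address list with `len == 0` also counts as NetBIOS-only and now returns `config->allow_null_ticket_addresses` instead of reaching the address comparison that follows. If that is not intended, the guard could read `if (addresses->len > 0 && only_netbios)`; if it is intended, the comment should say that empty and NetBIOS-only lists are both handled as if the client had sent no addresses. The comment could also state that the NetBIOS name is not compared against anything on this path, so a NetBIOS-only request gets no address binding whenever null addresses are allowed. check_addresses begins before the first hunk and continues past the second, so the remainder of the comparison is not visible here.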