diff --git a/python/samba/ntacls.py b/python/samba/ntacls.py
index fe6eda269fc..0dcf958f727 100644
--- a/python/samba/ntacls.py
+++ b/python/samba/ntacls.py
@@ -573,7 +573,7 @@ def backup_offline(src_service_path, dest_tarfile_path, samdb_conn, smb_conf_pat
             src = os.path.join(dirpath, filename)
             dst = os.path.join(dst_dirpath, filename)
             # create an empty file with metadata
-            smbd.create_file(dst, service)
+            smbd.create_file(dst, session_info, service)
             ntacl_sddl_str = ntacls_helper.getntacl(src, session_info, as_sddl=True)
             _create_ntacl_file(dst, ntacl_sddl_str)
 
@@ -637,7 +637,7 @@ def backup_restore(src_tarfile_path, dst_service_path, samdb_conn, smb_conf_path
                 dst = os.path.join(dst_dirpath, filename)
                 if not os.path.isfile(dst):
                     # dst must be absolute path for smbd API
-                    smbd.create_file(dst, service)
+                    smbd.create_file(dst, session_info, service)
 
                 ntacl_sddl_str = _read_ntacl_file(src)
                 if ntacl_sddl_str:
diff --git a/python/samba/tests/ntacls_backup.py b/python/samba/tests/ntacls_backup.py
index d072049cf95..6ac73d4a1b8 100644
--- a/python/samba/tests/ntacls_backup.py
+++ b/python/samba/tests/ntacls_backup.py
@@ -126,7 +126,7 @@ class NtaclsBackupRestoreTests(SmbdBaseTests):
         """
 
         filepath = os.path.join(self.service_root, 'a-file')
-        smbd.create_file(filepath, self.service)
+        smbd.create_file(filepath, system_session_unix(), self.service)
         self.assertTrue(os.path.isfile(filepath))
 
         mode = os.stat(filepath).st_mode
diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c
index 2fc197f91ff..39fe875a385 100644
--- a/source3/smbd/pysmbd.c
+++ b/source3/smbd/pysmbd.c
@@ -1059,10 +1059,13 @@ static PyObject *py_smbd_create_file(PyObject *self, PyObject *args, PyObject *k
 {
 	const char * const kwnames[] = {
 		"fname",
+		"session_info",
 		"service",
 		NULL
 	};
 	char *fname, *service = NULL;
+	PyObject *py_session = Py_None;
+	struct auth_session_info *session_info = NULL;
 	TALLOC_CTX *frame = talloc_stackframe();
 	struct connection_struct *conn = NULL;
 	struct files_struct *fsp = NULL;
@@ -1070,16 +1073,33 @@ static PyObject *py_smbd_create_file(PyObject *self, PyObject *args, PyObject *k
 
 	if (!PyArg_ParseTupleAndKeywords(args,
 					 kwargs,
-					 "s|z",
+					 "sO|z",
 					 discard_const_p(char *,
 							 kwnames),
 					 &fname,
+					 &py_session,
 					 &service)) {
 		TALLOC_FREE(frame);
 		return NULL;
 	}
 
-	conn = get_conn_tos(service, NULL);
+	if (!py_check_dcerpc_type(py_session,
+				  "samba.dcerpc.auth",
+				  "session_info")) {
+		TALLOC_FREE(frame);
+		return NULL;
+	}
+	session_info = pytalloc_get_type(py_session,
+					 struct auth_session_info);
+	if (session_info == NULL) {
+		PyErr_Format(PyExc_TypeError,
+			     "Expected auth_session_info for session_info argument got %s",
+			     pytalloc_get_name(py_session));
+		TALLOC_FREE(frame);
+		return NULL;
+	}
+
+	conn = get_conn_tos(service, session_info);
 	if (!conn) {
 		TALLOC_FREE(frame);
 		return NULL;