diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java
index dd39f245b..2e85e788c 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java
@@ -104,8 +104,16 @@ public class JDBCAuthenticationProviderService implements AuthenticationProvider
 
         }
 
-        // Update password if password is expired
+        // Veto authentication result if account is required but unavailable
+        // due to account restrictions
         UserModel userModel = user.getModel();
+        if (environment.isUserRequired()
+                && (userModel.isDisabled() || !user.isAccountValid() || !user.isAccountAccessible())) {
+                throw new GuacamoleInvalidCredentialsException("Invalid login",
+                        CredentialsInfo.USERNAME_PASSWORD);
+        }
+
+        // Update password if password is expired
         if (userModel.isExpired() || passwordPolicyService.isPasswordExpired(user))
             userService.resetExpiredPassword(user, authenticatedUser.getCredentials());