diff --git a/bareos/bsock/lowlevel.py b/bareos/bsock/lowlevel.py
index 5e5fd385db9..042fa68f7e8 100644
--- a/bareos/bsock/lowlevel.py
+++ b/bareos/bsock/lowlevel.py
@@ -346,8 +346,15 @@ def _cram_md5_respond(self, password, tls_remote_need=0, compatible=True):
         except RuntimeError:
             self.logger.error("RuntimeError exception in recv")
             return (0, True, False)
+        
+        # invalid username
+        if ProtocolMessages.is_not_authorized(msg):
+            self.logger.error("failed: " + str(msg))
+            return (0, True, False)
+        
         # check the receive message
         self.logger.debug("(recv): " + str(msg))
+        
         msg_list = msg.split(b" ")
         chal = msg_list[2]
         # get th timestamp and the tle info from director response
diff --git a/bareos/bsock/protocolmessages.py b/bareos/bsock/protocolmessages.py
index 78fb3a90645..0db3642df8b 100644
--- a/bareos/bsock/protocolmessages.py
+++ b/bareos/bsock/protocolmessages.py
@@ -27,6 +27,14 @@ def auth_ok():
     def auth_failed():
         return b"1999 Authorization failed.\n"
 
+    @staticmethod
+    def not_authorized():
+        return b"1999 You are not authorized.\n"
+
     @staticmethod
     def is_auth_ok(msg):
         return msg == ProtocolMessages.auth_ok()
+
+    @staticmethod
+    def is_not_authorized(msg):
+        return msg == ProtocolMessages.not_authorized()
\ No newline at end of file