I am writing some Java code that authenticates to Active Directory using SASL GSSAPI. Mostly this code is working fine but for one user I am getting the response:

javax.naming.AuthenticationException: [LDAP: error code 49 - 8
0090304: LdapErr: DSID-0C0904D1, comment: AcceptSecurityContext error, data 568,
v1772 ]

I know that 49 means this is an authentication failure, and that the relevant sub code is 568, but I am only aware of the following meanings for that data:

• 525 - user not found
• 52e - invalid credentials
• 530 - not permitted to logon at this time
• 532 - password expired
• 533 - account disabled
• 701 - account expired
• 773 - user must reset password

So far I am unable to find an authorative source of these error codes from Microsoft (this list is pieced together from forum posts) and I can't find anything for that 568 error.

Does anyone know what it means?