When an account is disabled the expected behavior is that the access would be forbiden whatever the access protocol is. If disabled the account is not accessible through HTTP as expected but accessible through CIFS. FTP is blocked as expected. It should be the same for all protocols.
How to reproduce:
-Install an AOB 4.0.x version.
-Create an user in SHARE (would be the same with JSF client).
-Check that you can access using CIFS and SHARE using the newly created user.
-Deactivate the newly created detail usin SHARE UI (got to user details and check "disable account").
- Try to log in SHARE using the disabled user. As expected you can't.
-Try to mount an "alfreso" drive using CIFS and the disabled user, it works, you can still access Alfresco. The expected result is that you would be blocked, it is not the case.