
ERRMSG: User is not authenticated or Undefined WebMarshal User



This article applies to:

  • WebMarshal 

Symptoms:

  • User browsing restricted
  • Error messages:
    • User Is Not Authenticated
    • The user name ... is not known to WebMarshal
    • The current user account is not recognized by WebMarshal
    • The web site was restricted by the rule "Standard Rules\Block - Undefined WebMarshal User"  
       

Information:

These messages are returned in these cases:

  1. The account information for the user who is browsing has not been imported into WebMarshal (from AD, NT, or NDS)
  2. WebMarshal is using IP based (workstation) authentication, and the user is browsing from a workstation that is not within any configured IP group range
  3. The account or IP is configured as a user, but it is not a member of any group that controls access

See below for more information about these cases.

1. User is Not Authenticated - The user name is not known to WebMarshal

This condition can occur when you use account based authentication (AD, NT, or NDS).

When using Windows or NDS authentication, create the appropriate connector and make sure that you import a global user group, or combination of user groups, containing all users that will browse through WebMarshal.

  • To check if the particular user is "known" to WebMarshal, open the web browser on the user's computer, confirm that the proxy settings point to the WebMarshal server, and browse to http://webmarshal.home.
  • If you find that imported AD groups are not updating properly with new or changed members, see Trustwave Knowledge Base article Q12052.
  • After importing new groups, be sure to grant access to the groups or members (see #3 below).


2. User is Not Authenticated: The current user account is not recognized by WebMarshal

When using IP (workstation) based authentication, make sure that you create IP ranges to cover all workstations that will browse through WebMarshal. For more information about configuring IP based authentication, see Trustwave Knowledge Base article Q14512.

 

3. The web site was restricted by the rule "Standard Rules\Block - Undefined WebMarshal User"

This condition can occur when you set up WebMarshal with the default policy.


WebMarshal rules are applied to user groups. The default policy (created with new installations) includes four main user groups. If a user is not a member of any of these groups, they will be denied all access by a catch-all rule found at the beginning of the Standard Rules listing (see the notes below for the definition of this rule).

The quickest way to give browsing permission to users is to add all users, or imported user groups, to one of the default WebMarshal user groups.

  • In the WebMarshal Console, expand Policy Elements > User Groups.
  • To quickly set permissions for many users, drag an imported group into a default WebMarshal group such as Standard Users.
  • You can also select an imported group to view its members, and then drag individual members into a default WebMarshal group.
  • Remember to commit configuration after making changes.

You can also create additional WebMarshal groups and use these in rules.

You can create or edit rules to suit your requirements.  

Best practice for efficient management of policy is NOT to use imported groups directly in rules. Instead:

  • Use the existing WebMarshal groups, or create new WebMarshal groups defined by function (like the default groups).
  • Add the required imported groups (AD, NTLM, NDS, or IP groups), or individual members, to the WebMarshal groups. You can add any number and combination of these groups and users to a WebMarshal group.
  • Use only WebMarshal groups when creating or editing rules.

Notes:

The default catch-all block rule appears as follows:

Block - Undefined WebMarshal User
Block access for all users that don't belong to the default WebMarshal groups. USAGE: New users or groups imported into WebMarshal should be added to a suitable default WebMarshal Group. If no suitable default rule exists, then new groups should be created, and new rules should be written for these users. Add new user groups to the user exclusion list in this rule as required. NOTE: The "Exclude From Reporting" default group is not included in this rule because it does not control access to sites.

When a web request is received
For any users
      Except where the user is a member of Power Users, Restricted Users, Standard Users, Unrestricted Site Access
And where addressed to any URL

Block access to this site and display Blocked page
And do not process any further standard rules
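
The three cases in this article can be told apart by checking import status, IP range coverage and group membership in that order. The following is an added example, not WebMarshal code and not part of the original article: a small Python model of the catch-all rule's membership test, including imported groups nested inside WebMarshal groups. The configuration layout, function names, accounts and addresses are assumptions constructed for illustration.

```python
import ipaddress

# Group names from the catch-all rule's exclusion list quoted in this article.
ACCESS_GROUPS = {"Power Users", "Restricted Users", "Standard Users",
                 "Unrestricted Site Access"}

def effective_groups(principal, members_of):
    """Every group the principal belongs to, following nested membership."""
    seen, stack = set(), [principal]
    while stack:
        for parent in members_of.get(stack.pop(), ()):
            if parent not in seen:
                seen.add(parent)
                stack.append(parent)
    return seen

def triage(cfg, user=None, ip=None):
    """Map a request to one of the article's three cases (hypothetical model)."""
    if user is not None:                      # account-based authentication
        if user not in cfg["imported_users"]:
            return "case 1: account not imported"
        principal = user
    else:                                     # IP (workstation) authentication
        addr = ipaddress.ip_address(ip)
        principal = next(
            (name for name, (lo, hi) in cfg["ip_ranges"].items()
             if ipaddress.ip_address(lo) <= addr <= ipaddress.ip_address(hi)),
            None)
        if principal is None:
            return "case 2: IP outside every configured range"
    if not effective_groups(principal, cfg["members_of"]) & ACCESS_GROUPS:
        return "case 3: blocked by catch-all rule"
    return "passes catch-all; later rules decide"

# Constructed sample configuration (not exported from a real WebMarshal server).
SAMPLE = {
    "imported_users": {"EXAMPLE\\alice", "EXAMPLE\\bob"},
    "ip_ranges": {"Office LAN": ("10.0.1.1", "10.0.1.254"),
                  "Lab": ("10.0.9.1", "10.0.9.50")},
    "members_of": {
        "EXAMPLE\\alice": {"EXAMPLE\\Staff"},        # imported AD group
        "EXAMPLE\\Staff": {"Standard Users"},        # nested in a WebMarshal group
        "EXAMPLE\\bob": {"Exclude From Reporting"},  # does not control access
        "Office LAN": {"Standard Users"},
    },
}

if __name__ == "__main__":
    for who in ({"user": "EXAMPLE\\alice"}, {"user": "EXAMPLE\\bob"},
                {"user": "EXAMPLE\\carol"}, {"ip": "10.0.9.10"}):
        print(who, "->", triage(SAMPLE, **who))
```

In this model, membership of "Exclude From Reporting" alone still ends in case 3, matching the NOTE in the rule description.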



