LAN users have to authenticate via radius
Hello,
I am using RADIUS (on Windows + AD) to authenticate WiFi users for certain SSIDs. However, if I plug a PC in via LAN and log in to the Windows domain, unless I open a web browser and authenticate again I don't have an internet connection.
Can I get rid of this local user authentication? For example, if they log into their own domain accounts, they would have an internet connection, and leave the WiFi RADIUS (NPS) authentication?
That's some of my WiFi SSID configuration
Should I change some policies or something? I have a policy that allows those (for example) WiFi_UG to access WAN (I tried to also add some WiFi addresses but nothing changes, they still need to authenticate in the browser)
Labels: FortiAuthenticator v5.5, FortiGate, FortiWAN
Do your firewall policies require authentication via splash page? Or captive portal authentication on the firewall interface? Based on the settings here, it should be only WPA2 Enterprise via 802.1X/RADIUS; there should be no splash page involved.
Created on ‎06-29-2023 05:08 AM Edited on ‎06-29-2023 05:56 AM
I don't think I do anything more. It looks like a captive portal to me, but on the WAN interface or my firewall policy I have nothing extra. The security mode on VLANs (where the captive portal can be enabled) is off.
That's my WAN:
That's my VLAN config
And that's my policy to access the Internet
(I know that I have 'all' and then specified groups; I was testing how to get rid of this authentication for LAN users)
If I check logs and user events, all of my LAN users authenticate as a 'wifi-group', even if they are connected just by cable.
Hmm, what if I turned on the captive portal, for example for vlan10, and then just exempted source vlan10? Might it work?
