Our goal: To have a single SSID that requires you to be a part of an AD group in order to connect. Upon connection you are brought to a web portal where you authenticate with AD credentials. If you're a member of the AD group, auth succeeds. If you're not, auth fails.
We currently have 802.1X set up for our main WLANs using RADIUS/NPS and that is working fine. We have now come to where we need a BYOD WLAN configured for a certain subset of users. I attempted to create a new network policy inside of NPS looking for the NAS-ID of the WLAN (custom ID), and the Network Policy looks at AD group membership. The Network Policy is using PAP/CHAP for this specific BYOD policy.
When assigning Web Authentication to the WLAN, all user login attempts fail with invalid Username/PW.
When assigning Hotspot WISPr profile to the WLAN, AD auth works as designed.
Why would I be seeing two different results for each portal type when they both use the same AAA server (SZ proxied)?