We have a single network & zone which contains both domain-joined and non-domain-joined devices.*
For domain-joined devices, we use STAS and all is well.
For non-domain-joined devices, we WANT to use the captive portal to ask the user to log in. However, because they are in the same zone as domain-joined devices, AD SSO is enabled on the Device Access...
This means that the non-domain devices are automatically redirected to myfirewall:8091 which either results in a Kerberos login box or a connection closed message (latter maybe if first is cancelled/ignored?).
How can we configure things so that non-AD device users are redirected to the captive portal and not to the Kerberos login box?
At present, the only workaround is either to log in via the Kerberos login box (with random logout time) OR manually navigate to https://myfirewall:8090
I feel we are doing something wrong, just not sure what.
Thanks,
Ian.
*These are part of our internal network which is not routed through Sophos and therefore it is not possible to get Sophos to view them as a different network/zone.