I had updated the firmware for sophos firewall yesterday and after that we are facing the captive portal issue.
We have STAS enabled for domain systems where users can use internet directly after logging into domain pc's, those who are out side domain environment will get a captive portal to access the internet. Since the latest firmware update, we are not getting redirected to the captive portal instead we get the ntlm page. I have attached screenshots. Need a solution.
You should disable NTLM/ADSSO for your Zones in Device Access.
Disable NTLM will not autenticate user by NTLM Kerberos. Is there anothe option?
STAS is a method of authentication.AD SSO is a method of authentication.Having both enabled at the same time causes problems as they both try to authenticate the same connection.So for "Is there another option" the answer is "use the STAS that the original poster said was enabled".
It shouldnt happen on pratice, because i already having problem with STAS autentication, AD SSO should work side STAS to have multiple autentication modes.