You need to use RADIUS to accomplish this.
In NPS you need to create a policy using PAP as the authentication method.
- First create AAA Profile using your current RADIUS server group pointed to the NPS server within the AAA Profile add a NAS-ID of your choice
- Create a Policy in NPS with the NAS-ID you used in the previous step and also add the AD group you would like to allowed , the authentication type needs to be PAP (Unsecured). This rule should be move to the top.
- Finally in the Controller point the management to the new AAA profile with local fallback
Pardon typos sent from Mobile
Pardon typos sent from Mobile