Hi Guys ,
Can you give more details please?
Okay ,
users are part of the the domain (active directory) once they are login in to they PC , they should automatically connected to the ssid wit encryption 802.1x with custom radius , but they have to enter they user name and password to be able to connect on the ssid , that s what it is happening .
Check if this option is enabled.
The best way is to enable single sign on for the WLAN. If you are on a new Windows release you perhaps have to disable Credential Guard for this to work. Using client Certificates would be the better option. And all these options are ideally pushed with GPOs.
I don't want to assume anything, so if it's ok, can I confirm a few things first. When you say that it is using a custom radius, is the option selected 'my Radius server' from the option under Security>Enterprise with in the Wireless>Access Control part of the dashboard?
If so, I assume that under the Radius settings you have it configured to point to the radius server, which is what I'm ultimately trying to lead you too. This could be an ISE appliance/Service or any other Radius server, but this is where I think you need to start your actual investigation as it is the configuration within the Radius server which will tell you how clients/devices are authenticating the network.
Which protocol is the policy that your clients should be matching to within the radius server (Apologies I'm using ISE terminology (I think)) EAP-TLS, PEAP, MS-CHAP...etc. How are clients/devices to authenticate, with a username/password or with a certificate, potentially both. The protocol will kinda determine which authentication method is to be used.
I know that you have said that entering credentials allows the users to login, but it may well be that users/devices are actually supposed to authenticate with certificates, but the radius also allows username/password.
I've had issue previously where computer accounts weren't located within the correct OU in AD, so a GPO which assigned the configuration for the wireless connection haven't been pushed out.
My advise is to start at the radius server, look to see how succesfull clients/devices authenticate, and look to then see why your failed clients don't automatically...I do hope that this does assist you in your investigation.