Users bypass a logon prompt to circumvent web policies

If a user logs on to a RADIUS server as a local user, the user is identified as RADIUS_SERVER_HOST\username. Because user-based policies require that the user belong to a domain or LDAP container, a local user receives the policy assigned to the computer (IP address) or network (IP address range), or the Default policy.

Run TestLogServer to see if the user is logged on locally (see Using TestLogServer for Troubleshooting).