Why did you create a dhcp subnet for the network 10.x.x.x?
You should remove it.
The captive portal works only if your clients contact the tcp port 80 (http) and 443 (https). In that case the browser will be redirect on the authentication page. If you use a proxy you don’t use those tcp ports and the captive portal is not able to redirect your clients.
This is not true if your organization use a transparent proxy, because in this case you don’t need to configure the web browser to use different http and https ports.