Hi, I've attempted the following guide and am in a bit of a pickle.
http://techblog.mirabito.net.au/?p=87

My main goal is to have a username / password based wireless authentication with active directory integration.

I keep getting the error

Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.
User:
Security ID: domain\rhysbeta
Account Name: rhysbeta
Account Domain: domain
Fully Qualified Account Name: domain\rhysbeta

Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: 00-12-BF-00-71-3C:wirelessname
Calling Station Identifier: 00-23-76-5D-1E-31

NAS:
NAS IPv4 Address: 0.0.0.0
NAS IPv6 Address: -
NAS Identifier: -
NAS Port-Type: Wireless - IEEE 802.11
NAS Port: 2

RADIUS Client:
Client Friendly Name: Belkin54g
Client IP Address: x.x.x.10

Authentication Details:
Connection Request Policy Name: Secure Wireless Connections
Network Policy Name: Secure Wireless Connections
Authentication Provider: Windows
Authentication Server: srvr.example.com
Authentication Type: EAP
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 22
Reason: The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.

I would love to have it so that non domain devices

Rhys Evans
  • Does your NPS server have a valid machine certificate? – Nic Nov 10 '11 at 08:55
  • Yep, but not a globally verified one, only self-signed by the PDC. – Rhys Evans Nov 20 '12 at 13:29
  • Did you ever figure this out? We're experiencing the same issue on some Ubuntu machines here. The EAP Type should say "Microsoft: Secured password (EAP-MSCHAP v2)" but it is blank. – Plux Jun 27 '14 at 08:34
  • To be honest I have completely forgotten about this project, I know I got it working in the end, I'll have a look in work tomorrow and report back – Rhys Evans Jun 29 '14 at 15:37

1 Answer

Start diagnosing from CAPI2 (Eventlog -> Applications and Services -> Microsoft -> CAPI2 -> Operational -> Enable). There are tons of things you can miss. First diagnose on the client side, second on the server side. There was also an issue with SChannel when you have too many trusted Root CAs installed on your system.

filimonic
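
The diagnostic pass suggested in the answer above, as an added PowerShell example that is not part of the original posts. It assumes an elevated session on the NPS server (steps 1 to 3 apply unchanged on a Windows client), and the event ID 6273 filter for "Network Policy Server denied access to a user" is an addition not stated on the page.

```powershell
# Added example: run in an elevated PowerShell session on the NPS server.
$capi2 = 'Microsoft-Windows-CAPI2/Operational'

# 1. Enable the CAPI2 operational log (same as Event Viewer -> Enable Log).
wevtutil.exe set-log $capi2 /enabled:true

# 2. Mark the start time, then reproduce the failed wireless logon.
$start = Get-Date
Read-Host 'Reproduce the failed connection, then press Enter' | Out-Null

# 3. CAPI2 errors (Level 2) logged during the attempt: chain building,
#    revocation checks, policy verification.
Get-WinEvent -FilterHashtable @{ LogName = $capi2; Level = 2; StartTime = $start } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, TaskDisplayName |
    Format-Table -AutoSize

# 4. NPS denials from the same window that carry Reason Code 22, matched on
#    the message text shown in the question (event ID 6273 is an assumption
#    added here, not taken from the post).
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 6273; StartTime = $start } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Reason Code:\s+22\b' } |
    Select-Object TimeCreated, Message |
    Format-List

# 5. Machine certificates with the Server Authentication EKU, their expiry,
#    and whether the chain validates locally. Certificates with no EKU
#    extension at all are not listed by this filter.
$serverAuth = '1.3.6.1.5.5.7.3.1'
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains $serverAuth } |
    Select-Object Subject, Issuer, NotAfter, HasPrivateKey, @{ n = 'ChainOK'; e = { $_.Verify() } } |
    Format-List

# 6. Size of the trusted root store. The answer mentions an SChannel issue
#    with too many trusted roots but gives no threshold, so only the count
#    is reported.
(Get-ChildItem Cert:\LocalMachine\Root).Count
```

Turn the CAPI2 log off again afterwards with `/enabled:false`, since it is verbose on a busy server.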