In general, it is a good idea not to use this option if the WLAN has non−Windows clients.
This is because the more strict controls might induce connectivity issues, based on how the DHCP client side is implemented.
I have already tried rebooting the server, and reinstalling RRAS/NPS.
(Side note: when removing NPS, all configuration is preserved, and is still present after the reinstall.) Short of setting up a completely new server, I'm at my wits end.
Has anybody else had problems like this with RRAS/NPS?
2011-10-17 Update: Added the complete text of Event ID 6274 Network Policy Server discarded the request for a user.
A fundamental component of RADIUS is a client's validation of the RADIUS server's identity.
This is accomplished by hosting a certificate on the RADIUS server that has been validated by a trusted Certificate Authority (CA).
We use a computer running Windows Server 2008 (32-bit) with the RRAS and NPS roles to authenticate users for VPN and wireless access over RADIUS.
Check the system event log for additional information.
CDP is not supported on the controllers that are integrated into Cisco switches and routers, including those in the Catalyst 3750G Integrated Wireless LAN Controller Switch, the Cisco Wi SM, and the Cisco 28/37/38xx Series Integrated Services Router.
I suspect a firmware upgrade probably fixes that behaviour. If you want to accept both computer credentials and user credentials you'll need to name both "Domain Comptuers" and "Domain Users" in your policy.
By default, XP will re-authenticate with the user credential after the user logs-on (there is no way to do computer-only with XP, I believe).