Problems validating windows
This is a classic bring-your-own-device network; think university halls of residence.
The user will be logged in locally when they click connect.
This is from the FreeRADIUS documentation but I expect it is equally valid for the Microsoft implementation: In general, you should use self-signed certificates for 802.1x (EAP) authentication.
When you list root CAs from other organizations in the "CA_file", you permit them to masquerade as you, to authenticate your users, and to issue client certificates for EAP-TLS. It is easy enough to distribute certificates using GPOs. Barring that, do you own a star certificate (that is signed by a Root CA) you could sign your RADIUS server's certificate with?
In production I learned pretty quickly that Windows didn't like it at all.
This week when I get in, I notice that my phone cannot connect to the wireless.
Then my Windows 10 laptop could not connect (both have connected before).
I would take that to mean that you cannot use a direct IP address to get at your RADIUS server, lest the certificate not be able to validate.
technet.microsoft.com/en-us/library/cc731363(v=ws.10)
You need to distribute your RADIUS server's certificate (if it was self-signed) or the certificate of the Certificate Authority that signed it to your clients.