Wireless connection always says validating identity
This is from the Free RADIUS documentation but I expect it is equal valid for the Microsoft implementation: In general, you should use self-signed certificates for 802.1x (EAP) authentication.
When you list root CAs from other organizations in the "CA_file", you permit them to masquerade as you, to authenticate your users, and to issue client certificates for EAP-TLS. It is easy enough to distribute certificates using GPOs. Baring that, do your own star certificate (that is signed by a Root CA), you could sign your RADIUS server's certificate with?
Eduroam is another popular choice for educational organizations.
I know this post is really old, however, this is similar to my issue except that last week, any client could connect to my wireless network and this week they can not. The windows/android/iphone clients were able to connect with 802.1x verifying against a local, Aruba based database of one user name.
From a security standpoint the best option is setup a captive portal.
Students can use their BYOD devices to connect and reach the portal, pass their user authentication credentials to the portal and the portal can then talk to the RADIUS server.
I could conceivably build my own RADIUS server and intercept your user's AD credentials.Since I had a hard deadline to get it up and running, it was only tested with Android and i OS, neither of which had any real problem.