I don't know if my chiming in will make a difference or not.But windows can authenticate with a machine certificate or a user certificate....If you're doing the machine certificates, please say so, I'm a little confused as to what exactly you are doing now.
I don't now if you're asking this to me or to Alexandros.The setup I propose corresponds to a machine authentication (Windows XP authenticates automatically at startup time) and not to a user authentication.
The complete setup is explained in this previous post http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg28499.html
I thought this was Alexandros's case as well as he wrote:"I do only a machine-authentication, every machine which has a valid cert can connect to the network... I write the explicit hostname in the users file"
Alexandros do you confirm that you are not trying to authenticate the user, but only the host at boot time ?
Thibault