I have tested selfsing certificate, it works. I had to copy the ca.cert into windows client. 

Pretty much what this link describes. 

http://kirkkosinski.com/2012/10/securing-wi-fi-with-peap-and-freeradius-on-centos/

Now, i have signed certificate from our CA added into eap.conf then imported ca.pem into windows machine. 7 machine and try to authenticate, it always fails. but If I check off the validate server certificate on M$$$$$client machine it works. 

I have following in my eap.conf 
     tls {
                        certdir = ${confdir}/certs
                        cadir = ${confdir}/certs
                        private_key_file = ${certdir}/myhost.example.key
                        certificate_file = ${certdir}/myhost.example.crt
                        CA_file = ${certdir}/ca.pem
                        dh_file = ${certdir}/dh
                        random_file = /dev/urandom
                        fragment_size = 1024
                        include_length = yes
                        check_crl = no
                        cipher_list = "DEFAULT"
                }

freeradius version is freeradius-2.1.10-5.el6.x86_64 and Red Hat Enterprise Linux Server release 6.1

This M$ is giving me nightmare :) 

any idea on this would be great