I've set up an NPS, on windows 2019, to be used as Radius server for 802.1x certificate-based autentication.
On NPS I made a connection profile with both Domain Users And Domain Computer so that belonging to one of them should enable to connect to wi-fi, provided that the computer OR the user has a valid Cert.
I found, however, that it seems that the connection only works if "at least" there's the computer certificate.
If a computer has not the certificate but the user does it does not connect.
You have to check these configurations: 1. Certificate via a certification authority
2. NPS - Radius Clients 3. NPS - Connection Request Policy: Condition > NAS Port Type: Wireless - IEEE 802.11 OR Wireless - Other 4. NPS - Network Policy: Condition > Windows Groups (users) 5. GPO: Wireless Network Policy with Authentication Mode: User authentication 6. AccessPoints: WPA-2 Enterprise
Troubleshooting: Logs on the server can be consulted in Event Viewer > Custom Views > Server Roles > Network Policy and Access Services Logs on clients can be consulted in Event Viewer > Applications and Service Logs > Microsoft > Windows > WLAN-Autoconfig > Operational