I have configured a WLC (18.104.22.168 model 2100) with authentiacion PEAP with IAS and a DA of Microsoft Windows 2003. I have been reading in the documentation "PEAP Under Unified Wireless Networks with Microsoft Internet Authentication Service (IAS)" that in the installation proccess of Active Directory it must select the option "Permissions compatible with pre-Windows 2000 server operation systems". In my scenario the other option was chosen "Permissions compatible only with Windows 200 or Windows Server 2003 operations system".
I have test this scenario and it does not work.
Is there some configuration in the WLC so that it can work without having to reinstall the AD?
For the most part the WLC doesn't care about what type of authentication is being used. It really is just proxying the requests between the client and Radius server.
I would make sure your EAP timer are extended with the commands:
config advanced eap identity-request-timeout 10
config advanced eap request-timeout 10