The following is the setup.
WLC 4404 running 220.127.116.11 code. 1142N LAPs. ACS ver 3.2 is the radius server and is tied to AD.
I tested with three different models of laptops, two worked and one did not. The first laptop that worked: IBM (not on domain) with WinXP Pro and Intel wireless NIC. Used Intel ProSet utility with a user in the domain. The second laptop that worked: Dell with Vista and also Intel NIC. This laptop was part of the domain, it also worked. The laptop that is not working (LEAP does work though) is a HP/Compaq with WinXP Pro and Broadcom wireless NIC. This laptop is also in the domain. I'm using the Broadcom wireless utility. I tried different versions of the utility but no success. The ACS Failed Attempt log says the PAC has been provisioned to the user under the Authentication failure reason. The WLC shows authentication failed. Attached is a 'debug aaa events' from the WLC.