In PEAP it is not necessary to install the CA certificate on each client. PEAP works without the CA installed on the client, but it is less secure.
In PEAP, certificates are used to validate the server. The root certificate on the client is used only for validating the server. When the 'Validate server certificate' option is left unchecked on the client, the client does not try to validate the server, and the server is accepted without any validation.
However, when the option is checked, the client explicitly checks for the root certificate on the client to validate the server.
Installing the CA on the client provides an additional layer of security: someone trying to spoof your server would have to have created a server certificate from another root CA unknown to your client. In this case, if the validate box is checked, the connection should fail because the client does not trust the root CA that the presented server certificate was generated from. If the check box is not checked, the client would accept encrypted communications from ANY server posing as an EAP authentication source.