I had this problem too and found out via Wireshark Capture that MD5 EAP Type is being used. This is odd as the regular WPA2-Enterprise RADIUS uses EAP-PEAP while the Captive Portal Uses EAP-MD5, a relatively insecure protocol to be using for this purpose.
Nonetheless, I am authenticating against NPS Service in Windows Server 2012 R2, and in order to get MD5-Challenge to appear as an option for Authentication Method in your Network Policy, you must add this feature back into the Windows Registry and restart the NPS Service.
After this is done, you must enable "Store Password Using Reversible Encryption" on the Active Directory user account you are going to be using for the Captive Portal, and then reset the password (even if you are going to be using the same password) to allow Active Directory to regenerate a new hash that allows for reversible encryption, otherwise you will get either "IAS_AUTH_FAILURE" or "No reversibly encrypted password is stored for the user account"
After all this is done, you should be able to login via your Domain Credentials and get an "IAS_SUCCESS" in your log.
Here is the registry key that must be imported to enable EAP-MD5 in Windows NPS. Simply copy and paste into Notepad and save it as a .REG file.
Note: This has only been tested on Windows Server 2012 R2.
Get to Know the WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN
The WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE Local Area Network (LAN) delivers secure and reliable wireless connectivity. It ...
Product Specifications of the WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN
The WAP581 Wireless-AC/N Dual Radio Access Point with 2.5GbE LAN delivers secure and reliable wireless connectivity. It allows you t...
Configure the Single Point Setup on the WAP581
A Wireless Access Point (WAP) connects to a router and serves as a node to the Wireless Local Area Network (WLAN). Clustering is when multiple WAPs are joined on the same netwo...