Methods of switching security


huyckc
New Contributor II

Hello All,

I am inquiring whether anyone could help me with ideas for configuring security for our switches. Currently we are looking into the ideas of MAC-based VLAN configurations and/or configuring Policy with Site Engine. As I am going through both of these options I can see the possible issues with either of them, but I believe there are other options that can be considered, or ways to mix some things for better security. With all this, we are not looking to set up a NAC and are debating the idea of a RADIUS server; we just need to work out how to utilize this the best.

Thanks in advance for any ideas!

 

Cody 

1 REPLY

Steve_Ballanty1
New Contributor II

Hello Cody, I am not sure that you will get a lot of responses to this. So I can throw in my two cents.

We have been utilizing Microsoft NPA for the past few years without any problems. But this is just performing the job and actions of a RADIUS server, and it sounds like you may be trying to avoid that. I can say that setting it all up is a bit tedious and took a lot of trial and error. For us, we wanted to allow a domain-joined PC to join a particular network without the need for a password. And we did so by using a group policy that forces domain-joined PCs to obtain a device certificate with a particular server. And then a valid cert is required by the NPA server. Of course, the laptop must be a Windows device, and it must be physically connected to the network before being placed on wireless.

But that is just one way to do it. With NPA you can define any one requirement for a host - or several. So, we could insist that our wireless users provide their Active Directory username and password, and then also be on a list of MAC addresses, etc.
