It seems to be something different when authenticatiing the machine, compared to the user.
Computer:
Network Policy Server granted full access to a user because the host met the defined health policy.
User:
Security ID: DOMAIN\computer_25$
Account Name: host/computer_25.DOMAIN.local
Account Domain: DOMAIN
Fully Qualified Account Name: domain.local/Container/computer_25
Authentication Details:
Connection Request Policy Name: Secure Wireless Connections
Network Policy Name: Wireless Mac's
Authentication Provider: Windows
Authentication Server: nas.domain.local
Authentication Type: EAP
EAP Type: Microsoft: Smart Card or other certificate
Account Session Identifier: -
User:
Network Policy Server denied access to a user.
User:
Security ID: DOMAIN\test
Account Name: test
Account Domain: DOMAIN
Fully Qualified Account Name: domain.local/Users/test
Authentication Details:
Connection Request Policy Name: Secure Wireless Connections
Network Policy Name: Connections to other access servers
Authentication Provider: Windows
Authentication Server: nas.domain.local
Authentication Type: EAP
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 66
Reason: The user attempted to use an authentication method that is not enabled on the matching network policy.
My question would be - can I configure the Mac's to not worry about user authentication during logon? I am happy with just machine authentication only.
(The same as GPO > Wireless 802.11 Policies > Profile > Security > Authentication Mode: "Computer Authentication" in windows.)