If you want to do this through the GUI, then do this.
1: Let's assume you have a functional network on the 10.99.99.0/24 subnet. This means that a DHCP server, DNS, and other support services are running. Let's assume you have an existing Router at 10.99.99.1 and your existing OS X server is at 10.99.99.20.
2: Power on your Airport but don't plug it into your network. If you do, and it is in DHCP/NAT mode, it will start handing out IP addresses on the 10.0.0.0/24 subnet (this is the default)
3: Instead, grab a laptop or other workstation and connect the two units in isolation. Once you do this, configure the Airport to have a fixed IP address on the 10.99.99.0/24 subnet. Let's say address 10.99.99.30.
4: Now that the unit is configured to be on the same subnet as the server and remaining infrastructure, go to your server and ensure that you have an SSL certificate in place if desired.
5: Disconnect your server from the LAN and plug it directly into the Airport. If you must, temporarily change the router address of your server from 10.99.99.1 to 10.99.99.30 to trick the server into believing the Airport is the gateway (which seems to be what Apple wants it to be). When you connect directly, yes, the unit will still be broadcasting DHCP. But the server is using a fixed address so who cares.
6: Quit an launch Server.app. The base station should appear in the list of hardware.
7: Select the device and complete the setup options to enable RADIUS auth on the airport. Use sudo serveradmin settings radius to see what was done.
8: Once the Radius config is complete, connect to the Airport from the server (over ethernet) using Airport Utility and change the mode from NAT/DHCP to Bridge. Save settings and let the unit reboot.
9: Connect both the Airport and the server back to your LAN (remember to change the router address of the server back to 10.99.99.1 if you changed it).
10: Connect a wireless device and get RADIUS joy.