Looking for a way to authenticate Macs and Windows in RADIUS via different rules (Windows NPS)

Hi, everyone.

We have a Windows 2008 R2 Server AD Domain with Network Policy Server installed, also a Local Certificate Authority up and running, in order to support Certificate-based authentication with EAP-TLS. Currently we have something like ~150 Windows 7 clients using EAP-TLS and everything was just fine, until the first Mac arrived. It's a Macbook Pro running Os X 10.10.4. We've searched the internet, only to find out that it's recommended to use PEAP for Macs, although some sources indicate that it's possible to use EAP-TLS with Os X. Finally we've managed to set up PEAP authentication correctly, and Mac computers worked just fine, but at the same time, when we enabled PEAP authentication rule, its settings took predescence over previous (EAP-TLS) settings and Windows computers started to ask for credentials.

So the main question is:

is it possible to use two different types of authentication at the same time, in a manner that Mac computers are going to use PEAP authentication and Windows computers would still use EAP-TLS?

Our first guess was to make some rule that will try to inspect MAC address of a client, so we can filter our clients based on the first part of their MAC address, i'm not sure how how good the idea was, but we failed this.

Our second guess was, that maybe there was a simple way to install needed certificates beforehand, so Macs will use the certificate, in order to authenticate using EAP-TLS.

PS

I hope i chose the right section to post to, if not, it's my first try, please move it where it belongs.