not sure how relevant this is for you still. but you dont configure an internal radius server on the radius controller. you terminate the session and then the authentication is done against the LDAP server.
for this you configure an AAA profile with an dot1x profile in which you enable termination and apply a server group with the ldap server in it.
but as cjoseph points out you need a seperate client on the clients (specially windows) to do EAP-PEAP/GTC as that isnt natively supported. it would make things much easier if you can introduce and actual radius server. of course there is Aruba ClearPass which would be great to use. but Microsoft server can use NPS or you could look to some linux based free alternatives, i.e. freeradius.