Using "Machine" will fix that condition. You will have to delete the first certificate and wireless configuration from the machine and re-onboard it.
EDIT FOR MORE CLARIFICATION: When you use "Machine or User", a machine certificate and user certificate (only for that user) is deployed to the machine, but the second user who attempts to log in, does not have a user certificate so that they cannot connect to the wireless. The only purpose for user and machine is if you only want a single user to be able to login, but you still want the machine to be connected and be able to be managed at the ctrl-alt-delete screen.
If you need ALL users to login, use machine only so that only a machine certificate is deployed, but all users will be able to use that certificate to connect to the wireless. They still will have to login to the machine with their AD credentials to gain access to anything. When a user logs off, the machine can still be connected to the wireless and manageable at the ctrl-alt-delete screen. This is the best setup for a multi-user environment.