I've actually found implementing PEAP to be fairly easy.
Remember that with PEAP, the certificate is basically designed to protect your client - ensure they are connecting to your network and not a rogue or man in middle - your ability to protect who connects to your network is defined by your RADIUS implementation.
Many, many years ago we transistioned from LEAP to PEAP. George Ou wrote an "ultimate" guide that helped tremendously.
For our Windows clients, we push the certificate and wireless settings out via AD and GPO. When we were doing machine authentication, we were also adding Apple clients to the domain (not sure how we did that, but somebody figured it out). Getting the settings to the Apple users was actually very easy - Apple makes it very easy to just trust the certificate. We went a little further and required the machine authentication as well as put users into a specific AD group to gain wireless access.
I know there is a lot of documentation out there, especially from Microsoft, and it looks very daunting. Obviously I don't know what your specific requirements are, but I've found PEAP to be very straight forward. You should still be able to find the guide from TechRepublic or ZDNet.