Hi,
Yes, it is a start.
I imagine that inside your SRV-RADIUS you added clearpass, nps or
another RADIUS server. Or you don't have RADIUS server and that is why
are you doing termination on the controller?
If you have a corporate user you use EAP-TLS and you have a certificate
in that corporate laptop, right?
When you are using non-corporate traffic, you use EAP-PEAP and you
authenticate against an AD or database, right?
Are you sending any roles back to the controller once the user has been
authenticated or do you just used the authenticate role?
I mean, when you say that android works, which role do you receive?
(Show user | i (mac address or ip address))
Cheers
Borja