Gave up on Steel belted radius went back to IAS
Added user to the domain Mac-address username and password
Made a member of groups <DOMAIN user=""> and <RAS and="" ias="" servers="">
Dial in allow access
Account Password settings ; user cannot change password, never expires, store using reversible ( this can take time to replicate, you also need to reset the password if you have just ticked the box as the password is not changed automatically)
IAS
Policy properties : add your windows group I used domain users
Edit profile
Authentication : encrypted authentication (chap)
Advanced :
I added
framed-protocol PPP
service-type framed
tunnel-medium-type 802
You can put you Vlan info in here too
IASparse tool kool for looking at the log files
I am up and running thanks for the help
I found the following Doc very useful
http://www.foundrynet.com/pdf/wp-deploying-mac-with-ias.pdfswitch config
aaa accounting network radius
radius-server host 172.28.9.69 key *****
aaa port-access mac-based 1-4
aaa port-access mac-based addr-format multi-dash</RAS></DOMAIN>