How about a method so the IAPs truly do work out of the box?
The product is advertised as working without IT support. I think it even says it can be configured faster than a cup of coffee... or something like that.
Last I checked, establishing a radius server requires IT support.
Can you simply configure the internal splash page to not be a secure page? You aren't really collecting information, despite having the user enter their email address... it's not being collected anywhere.
Or, how about detailed KB instructions on how to create / upload a certificate for the guest captive portal?
(Yes, I'm beating a dead horse... been asking for this since we bought them. It's the difference between a decent product and a product I would rave about.)