You only need client certificates if you are using EAP-TLS. If you use PEAP-MSCHAPv2; it is username/password combination; but the RADIUS server still needs a certificate which the clients can validate/trust. The TechNet link I included above has a minimum server requirement and minimum client requirement section; if not using client certificates; you can ingnore the minimum client requirements section.
The following summarizes some of the PEAP-MSCHAPv2 requirements.
https://technet.microsoft.com/en-us/library/cc754179(v=ws.10).aspx