When you state "machine authentication"; are you referring to authenticating via the computer account rather than username or are you referring to the "enforce machine authentiation" setting in the 802.1X Authentication Profile on the controller?
I believe you are referring to the former....if so, are the Mac devices bound/joined to AD? If they are, I have some customers who have the Mac computers connect to the wireless through a System Profile on the Mac. This allows the Mac to authenticate as the computer name rather than the logged on user. Refer to http://support.apple.com/kb/HT3326. I don't know the details beind the setup, .......but it is possible and seems to work well.