We did the two SSID method.
We built a Captive Portal that has a bunch of menu options for our users to select.
Connect to the SSID and what not.
You can also provide them with an XML file and a small batch script that will automatically configure their Windows laptops for 802.1x authentication.
Wrap it all in an SFX archive and have the archive ask for admin priv. and you are all set!
Two SSID method seems to work well though in our limited experience