Hi Tim,
I'm taking the liberty to bring up again this topic. I'm currently facing similar issue than OP, however it is slightly different as customer is also performing Machine Authentication before User Authentication.
Actually the customer purpose is to logon with laptop's Local Admin account (not in AD either in CP Local Repository, resulting with User Auth failure) and keep IP from restricted vLAN assigned after Machine Authentication. In other words we expected the following:
[Machine Auth] OK + [User Auth] FAIL = Keep IP from Mach Auth Restricted vLAN
I understood well that unchecking "Auto windows credentials for 802.1x" option would make it work (I will test it asap).
But just to give clear explanation to customer and verify that I understood well, it is not possible to get IP from Machine Auth vLAN if User Auth fails afterwards ? In other words the following :
[Machine Authenticated] OK + [User Authenticated] FAIL = FAIL (APIPA IP assigned) ?
Thank you.