Wireless can only have a single EAP type, so no. You can authenticate via user certificate and then redirect to a captive portal to accept a username and password, but the question is...why would you? It is probably too complicated for your clients.
If an organization thinks that certificates are not enough, they should visit an organization that uses certificates to get a sense of how it works with a general population.