At my former school the IT-dept. used a combination of radius and certs to authenticate users on their WLAN. You would get two certs from the IT-dept. a root cert (CA cert i guess) and a personal certs (called .p12).
Once installed, you could go online – not need for captive portal. I guess this is called eap/tls.
Can this be done with zeroshell? I followed the guide wirtten be ptaylor – that worked fine. But the problem is the usernames and passwords. I really would like not to use these, but to all auth. take place only by certs.