AFP548

802.fail

It always seems that when you try to do things the right way, everything conspires against you. In this situation it's 802.1x. We just got in a 25-MacBook laptop cart (+ AirPort Extreme), and trying to get 802.1x configured on these machines is making me want to kill. We set up the RADIUS server, the AirPort is seeing it fine, but I can't for the life of me get it to work right on these machines, and there is so little 802.1x info out for Leopard that I am at my wits' end. To start it off, we have all the most recent updates for 10.5.6.

What's going on is that on our PC laptops, they see the wireless, authenticate to 802.1x using their domain credentials, then upon login pass on to the user credentials. On the Macs, this is not happening, even with them being joined to the domain. I used the login window profile thinking this would be what I needed, but even with the certificate added to login AND system keychains, I still get:

"Your computer cannot access the secure network. The 802.1x authentication server's certificate is not trusted. Contact your network administrator for more information."

This becomes a major issue because unless the account is created while connected to Ethernet, I cannot create an account, since it's not joined to the wireless at login. Likewise, because of this they are not seeing Open Directory and thus not getting management commands on login, nor is Kerberos being configured correctly on login, since they are not seeing AD and are getting their info from the stored mobile account, so while it usually works, it fails just as often. What am I doing wrong, or is it something on our backend that I need to have fixed?

To compound this, when I do log in, we are even having some issues with the user profile created for the person. Wireless is almost always getting a self-assigned IP unless I turn AirPort off and then on, and despite having the info stored in the profile, it will occasionally ask for the username and password for 802.1x anyway.

Edit: meant to add, yes, the certificate added to both login and system is completely trusted, and was taken directly from the certificate store, which is another interesting thing I noticed: if I got a cert upon joining 802.1x it only lasted a month, but the cert actually on the server lasts till 2013.