Captive Portal

Hello
I have been testing monowall in a private subnet to set up a captive portal for users using wireless to connect. I created a standalone domain controller with a fake domain.. named : monowall.local i set up ias on that server (2k3) and enable radius and created a user to test and all goes fine there.
now i want to go into production and have installed the ias in a real domain controller so that the employees of the society I am doing this for can authenticate with their username and password but there nothing works. I can get the login screen from monowall but the authentication fails the reason ias gives me is :
"The user attempted to use an authentication method that is not enabled on the matching remote access policy"

the problem is that i have set up the ias server in the production domain exactly the same way as i did in the test domain monowall.local, and all i did in monowall was change the address of the radius server.
the event viewer in windows server  tells me that the authentication type is PAP and I have added authentication type PAP to the remote access policy still I always get the same message (reason code= 66)
I don't know what to do..  I am doing an internship in the society. I did not create the active directory and its hundreds of users I don't know if it doesn't allow PAP as a method of authentication.
I have setup m0n0wall with three NICs the access point is connected to a NIC i call portal there are two other nics one for LAN other for WAN. I see the wireless ssid.. I get the login screen but I can't authenticate.
If I add the mac of the pc i want to connect from in the pass-through mac tab i can access the web but of course unauthenticated.
In the event viewer log i see :
NAS-Port Type= Ethernet
NAS-Port = 0
why ethernet. i am connecting wirelessly..
if anyone can give me directions to solve this issue I would be very grateful.
thank you.
Mario

Do you still need help with this?