Hi,
This is very subjective.
First you need to know what security method you want to use, and authentication method.
For example, if you use PEAP you will need to have a certificate on the RADIUS server.
If you use EAP-TLS you will need a certificate on the RADIUS server and one on each client.
Default windows suplicants have by default PEAP-MSCHAP and this is the most widely used authenitcation method.
To be able t ouse it you will need to install a certificate on the RADIUS server (IAS on your setup), so either you use its own CA or you will need to get a certificate from another CA...
HTH,
Tiago
--
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.