The issue is with the passwords in LDAP - (the passwords should not be transmitted, but rather, a hash is transmitted).
LDAP repositories are suited to PAP/ASCII password exchanges. And neither of those are supported inner EAP methods
Is there any way you could get those LDAP identities into ISE itself? It might require some coding and regular sync, but if the username and password existed in ISE, then you can do EAP and MSCHAPv1/2 inner method.
The obvious solution would be to migrate the users to Active Directory ... instead of Novel
I believe there are people on the internet who have got this to work -but they had to create password hashes for all of the accounts and then store this hashed password as an additional attribute per user. Quite clever - it means that ISE would have to retrieve that attribute during authentication, and not the regular user password. I cannot verify this but it sounds very promising.