You don't need to use machine authentication if you don't need to you can use take the tick off where it says "Authenticate as a computer when computer information is available" in the Authentication tab. In this case you would only need to create a policy for users who will be allowed to access the network.
Just thinking about this if you not going to authenticate using machine you may find that some login or start scripts may not run. I've never tried this so i don't know.
I really can't see why you don't want to authenticate as the machine.
If you do machine authentication with user re-authentication the pause as it drops the connection to reconnect as the user could cause you login stuff not to run.
Authenticating as the machine still connects the user to all their shares etc...
I have a situation with my installation. I set up a Radius server on a switch cisco catalyst 3750 with an AD (for now only one) using 802.1x with dynamic vlan assignment. The problem is that when the supplicant boots, he cannot enter his credentials, he's directly asked to log on the AD... without any network connection... Hard ... So I'm trying to force xp to prompt the user before the logon.
Can you help me ?