We have setup wifi in our office that uses radius authentication using NPS. It works great and we have no problem connecting devices that are not even on our network (iPads, Androids, etc).
The issue is if a guest has a laptop that is joined to a different domain, they cannot connect to the wifi using our guest credentials. No error other than "unable to join 'ourSSIDname'".
Attached is a stripped down version of our running config from the AP.