I know of a company that has Cisco LWAPP access points, Cisco Wireless LAN controllers and Radius server that talks to Active Directory.
The clients are doing peap-eap authentication.
My question is, is the radius server authenticating the users or is it authenticating the access point or both?
It depends on how the APs and authentication are configured, but in a standard Cisco WLC setup it will be the RADIUS server that does the user authentication (via AD) and nothing more.
There's lots of scenarios, but as well as user authentication, APs can be authenticated too. Where used, AP authentication (as in letting APs connect to the WLC) is usually done using a MAC list at the WLC. If the network supports 802.1x on the switches you can use 802.1x to authenticate the AP at the wired network level and MAC-based auth at the WLC to allow APs to actually connect to the WLC.