I have multiple users whom after switching to El Capitan operating system can no longer properly authenticate through RADIUS server. I have the radius assigning an attribute to users to only allow those users to access the network and dump the rest into a dead vlan. The users work fine on other systems but not on their El Capitan OS. Has anyone else had this issue?
Depends on the scale of your deployment. I would tend to favour the use of 802.1X authentication where applicable/possible. However given your situation I would probably lean towards the use of PPSK's. This allows to you issue each user with there own passphrase which can be used to identify them through the HM monitor and reporting functions.
That's a lot of setup and maintenance work with turnover though, no? It would certainly be more reliable than what I have going on now but I worry about causing myself a ton of extra work. Does Aerohive have an authentication method through Google login that operates differently than the AD Radius Server? or is it similar in that it would experience the same outage with Mac OS?
Potentially - again it really does depend on your specific requirements. How would you be issuing PSK/PPSK's. Would you take advantage of self registration? How long will the keys be valid? - I'm simply playing devils advocate at this point but thinking of use case scenarios will definitely help towards finding your answer.