Hello,
I'm not sure if I have the correct forums here, but I'll just go ahead and ask anyways.
I am trying to set up 802.1x port-based wired authentication for my domain. My network consists of Windows servers and Windows supplicants and all Cisco switches and routers. Right now, I have Windows Server 2003 as my IAS (RADIUS) and DC, and Windows XP Pro as my supplicant. I have managed to successfully set up port-based authentication with an MD5 challenge as my EAP type. This does not work in my current situation because the workstation does not get a valid IP address until the username and password are entered; however, the user could not enter their username or password until they are logged into the domain… through the network that they don't have an IP address for… kind of a paradox here!
My ideal scenario would be:
Have the workstation boot up to the login screen. When the user enters their credentials, they are sent to the RADIUS server and verified. After they are verified, the workstation would obtain a valid IP address from the network and the user would be able to log into the domain. I have no idea if this is even possible, but I thought I would ask!
Basically what I’m trying to ask here is this:
Is there a way to set up 802.1x wired authentication in a Windows domain that would be seamless to the end user? I.e., no having to go to a website and obtain a certificate.
Just an FYI: I'm a Cisco guy. I'm not a Windows guy!
Do you have the computers themselves set up in your DC? The computers should be able to authenticate to the domain, thus getting an IP, then when the user logs in it authenticates them.
We had to do this for our wireless connection. The computer authenticates by computer name to get wireless access for the IP. Once the user logs in, it re-authenticates by the user name giving them wireless access if allowed. Not all of our users have wireless access.
------------------------------I ain't signing nothin
Reply to sturm
Yes, the workstations are set up in the DC.
Your setup sounds really similar to what I am trying to do. How did you set this up? Do you know of any good documents I could read to figure out how to do this?