[azernik]

WPA2 Enterprise use a central RADIUS server for authentication, with separate credentials for each user, and a (separately-distributed) certificate for the server.

It's just not practical for consumer and small-business setups.

[gsich]

Somewhat true. Setting up a Freeradius is not hard. Problem is that you need another device that is running 24/7.

[dogma1138]

The RADIUS server can run on the router/AP without compromising practical security in most cases.

[azernik]

The bit that's less practical for consumer setup is more the cert distribution and setup of separate credentials for each user. (The RADIUS server could even be built into the router in a consumer product.)

[gsich]

That's not needed, trust on first connect.

[gruez]

and what do you do if the certificate mismatches? 99% chance the average person will click through the warning because they want internet now.

[gsich]

Correct. You can't solve every problem with technology.