The old way of users to authenticate to the users portal by checking against their set password in the
radcheck table is deprecated (which is not good for
mac-based users since the
auth-type would be accept instead of a password attribute).
The new is that you set for the user a password and toggle whether the user is permitted to login or not (and possibly also to update his contact settings)