Why does authorization not pass through radius, via l2tp, but everything is fine via pptp and users connect?
There is a working server for connecting clients via VPN over PPTP and a configured RADIUS server; everything works.
Added aaa new-model to the existing L2TP config:
!
!
aaa authentication login default local group radius
aaa authentication ppp default local group radius
aaa authorization exec default local group radius
aaa authorization network default local group radius
!
vpdn enable
!
vpdn-group TarraUsersVPN
 ! Default L2TP VPDN group
 ! Default PPTP VPDN group
 accept-dialin
  protocol any
  virtual-template 1
 lcp renegotiation always
 no l2tp tunnel authentication
 l2tp tunnel timeout no-session 15
 ip mtu adjust
!
interface Virtual-Template1
 ip unnumbered Loopback
 peer default ip address pool VPN-Users-pool
 no keepalive
 ppp encrypt mppe auto
 ppp authentication ms-chap-v2 chap
Here is the debug on the Cisco:
Sep 12 17:24:56.562: AAA/AUTHOR (0x0): Pick method list ' local-list 16'
Sep 12 17:24:56.582: AAA/BIND(0000002C): Bind i/f
Sep 12 17:24:56.606: AAA/BIND(0000002C): Bind i/f Virtual-Template1
Sep 12 17:24:56.738: AAA/AUTHEN/PPP (0000002C): Pick method list 'default'
Sep 12 17:24:56.738: RADIUS/ENCODE(0000002C):Orig. component type = VPDN
Sep 12 17:24:56.738: RADIUS: DSL line rate attributes successfully added
Sep 12 17:24:56.738: RADIUS(0000002C): Config NAS IP: 0.0.0.0
Sep 12 17:24:56.738: RADIUS(0000002C): Config NAS IPv6: ::
Sep 12 17:24:56.738: RADIUS/ENCODE(0000002C): acct_session_id: 34
Sep 12 17:24:56.738: RADIUS(0000002C): sending
Sep 12 17:24:56.738: RADIUS/ENCODE: Best Local IP-Address 22.22.22.2 for Radius-Server 10.10.10.1
Sep 12 17:24:56.738: RADIUS(0000002C): Send Access-Request to 10.10.10.1:1812 id 1645/26, len 175
Sep 12 17:24:56.738: RADIUS: authenticator C6 54 46 7F FF A5 E0 41 - 68 1E A0 CC FE 3C B0 E4
Sep 12 17:24:56.742: RADIUS: Framed-Protocol [7] 6 PPP [1]
Sep 12 17:24:56.742: RADIUS: User-Name [1] 16 "vpn_user"
Sep 12 17:24:56.742: RADIUS: Vendor, Microsoft [26] 24
Sep 12 17:24:56.742: RADIUS: MS-CHAP-Challenge [11] 18
Sep 12 17:24:56.742: RADIUS: C6 54 46 7F FF A5 E0 41 68 1E A0 CC FE 3C B0 E4 [TFAh<]
Sep 12 17:24:56.742: RADIUS: Vendor, Microsoft [26] 58
Sep 12 17:24:56.742: RADIUS: MS-CHAP-V2-Response [25] 52 *
Sep 12 17:24:56.742: RADIUS: Connect-Info [77] 11 "100000000"
Sep 12 17:24:56.742: RADIUS: NAS-Port-Type [61] 6 Sync [1]
Sep 12 17:24:56.742: RADIUS: NAS-Port [5] 6 10029
Sep 12 17:24:56.742: RADIUS: NAS-Port-Id [87] 16 "Uniq-Sess-ID29"
Sep 12 17:24:56.742: RADIUS: Service-Type [6] 6 Framed [2]
Sep 12 17:24:56.742: RADIUS: NAS-IP-Address [4] 6 22.22.22.2
Sep 12 17:24:56.742: RADIUS(0000002C): Sending a IPv4 Radius Packet
Sep 12 17:24:56.742: RADIUS(0000002C): Started 5 sec timeout
Sep 12 17:24:56.930: RADIUS: Received from id 1645/26 10.10.10.1:1812, Access-Reject, len 42
Sep 12 17:24:56.930: RADIUS: authenticator C2 1D 4D 13 98 4C B0 D7 - 90 87 E0 47 4E D0 65 37
Sep 12 17:24:56.930: RADIUS: Vendor, Microsoft [26] 22
Sep 12 17:24:56.930: RADIUS: MS-CHAP-ERROR [2] 16
Sep 12 17:24:56.930: RADIUS: 00 45 3D 36 34 39 20 52 3D 30 20 56 3D 33 [ E=649 R=0 V=3]
Sep 12 17:24:56.930: RADIUS(0000002C): Received from id 1645/26
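The Access-Reject in the debug above carries an MS-CHAP-Error attribute, which states why the RADIUS server refused the request. The following is an added example, not part of the original question: it decodes that attribute from IOS "debug radius" lines, assuming the RFC 2548 value layout (one Ident byte followed by an ASCII string) and the failure codes listed in RFC 2759. The function names are hypothetical.

```python
import re

# MS-CHAP failure codes as listed in RFC 2759 (Failure packet).
MSCHAP_ERRORS = {
    646: "ERROR_RESTRICTED_LOGON_HOURS",
    647: "ERROR_ACCT_DISABLED",
    648: "ERROR_PASSWD_EXPIRED",
    649: "ERROR_NO_DIALIN_PERMISSION",
    691: "ERROR_AUTHENTICATION_FAILURE",
    709: "ERROR_CHANGING_PASSWORD",
}

# Hex dump line that IOS prints under the attribute name, e.g. "RADIUS: 00 45 ... ["
HEX_RUN = re.compile(r"RADIUS:\s+((?:[0-9A-Fa-f]{2}\s+)+)\[")

def decode_mschap_error(value: bytes) -> dict:
    """Decode the attribute value: 1-byte Ident, then 'E=.. R=.. V=..' text."""
    if len(value) < 2:
        raise ValueError("MS-CHAP-Error value too short")
    ident, text = value[0], value[1:].decode("ascii", errors="replace")
    # M=<message> runs to the end of the string and may contain spaces.
    text, _, message = text.partition(" M=")
    fields = dict(p.split("=", 1) for p in text.split() if "=" in p)
    code = int(fields["E"]) if fields.get("E", "").isdigit() else None
    return {"ident": ident, "code": code,
            "name": MSCHAP_ERRORS.get(code, "unknown"),
            "retry_allowed": fields.get("R") == "1",
            "version": fields.get("V"), "message": message or None}

def find_mschap_errors(lines):
    """Yield decoded errors from IOS 'debug radius' output."""
    expect_hex = False
    for line in lines:
        if "MS-CHAP-ERROR" in line.upper():
            expect_hex = True  # the hex dump follows on the next line
            continue
        m = HEX_RUN.search(line) if expect_hex else None
        if m:
            yield decode_mschap_error(bytes.fromhex(m.group(1)))
        expect_hex = False

# The two relevant lines copied from the debug output in the question.
SAMPLE = [
    "Sep 12 17:24:56.930: RADIUS: MS-CHAP-ERROR [2] 16",
    "Sep 12 17:24:56.930: RADIUS: 00 45 3D 36 34 39 20 52 3D 30 20 56 3D 33 [ E=649 R=0 V=3]",
]

if __name__ == "__main__":
    for err in find_mschap_errors(SAMPLE):
        print(err)
```

For the lines in the question this reports code 649, ERROR_NO_DIALIN_PERMISSION, with retry not allowed, which is a different code from 691 (ERROR_AUTHENTICATION_FAILURE).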