Hello Alan, thank you for your response.
Where is this coming from?
The default configuration has *no* "Auth-Type = Reject" setting. You
have added this locally.
Note: If you want to reject authentication by default then edit the raddb/users file and add this:
DEFAULT Auth-Type := Reject
Then add Auth-Type Accept with := as op in radgroupcheck for each group.