For future reference – as documented by Microsoft: Network Policy Server Best Practices | Microsoft Learn – RADIUS (and by extension, NPS) does not support extended ASCII characters in passwords.
So if you’re having issues with a subset of users being unable to authenticate via RADIUS – check if they have extended-ASCII characters in their password. (£ is one such example … anything with the value 127 or lower on https://asciitable.com is allowed).