First you’ll need a group that all your disabled clients are going to.
Next add the following lines to the user file “/etc/raddb/users”. Change SQL-Group to Group if your groups are not in a SQL database.
DEFAULT SQL-Group == "disabled", Auth-Type := Reject Reply-Message = "Your account has been disabled."
Save, exit and test.
This should keep all clients in the disabled group from authorizing.