As I recall by putting a user into a voip group did something odd to the authentication. I think the password had to be empty, ie supplied but empty.
I think that was pretty much all there was to it.
Bear in mind this was so long ago that it pre-dated EAP - I think it probably worked with PAP only. I doubt it would even work with later versions of ACS as there's noone left at Cisco who knew anything about it.