If you are referring to management user access of the 4402, simply define the Local management user under the management tab and then under security tab and priority order, ensure the order used is Local first and Radius second or remove it altogether after you have confirmed your local account is setup correctly.

are you using local eap on the WLC ? 

if not , then no changes needed on the WLC , all changes should be implemented on the radius server and the end clients , 

This document explains how to configure the Wireless LAN controller (WLC) for Extensible Authentication Protocol (EAP) authentication with the use of an external RADIUS server. This configuration example uses the Cisco Secure Access Control Server (ACS) as the external RADIUS server in order to validate the user credentials.

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/69730-eap-auth-wlc.html

This document explains how Cisco implements web authentication and shows how to configure a Cisco 4400 Series Wireless LAN (WLAN) Controller (WLC) to support an Internal web authentication.

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/69340-web-auth-config.html