You propably see the following:
This is because PPP authentication is seperated from the line login. First there is the login authentication, then the PPP session is started, then PPP authentication is performed, then authorization and finally the PPP session is up.
By default, the "active" username is reset to empty, "", when the PPP session is started. So if no PPP authentication is performed, then the username in the subsequent authorization requests is "" also.
There are two ways to solve this. Either use PPP authentication, i.e. PAP or CHAP, in addition to the login authentication already done, by
aaa authentication ppp default tacacs+
The second and more common solution is to tell the NAS to carry over the authentication information from login authentication to PPP authentication. With the following configuration, the NAS behaves as if PPP authentication has happened for the user who starts the PPP session:
aaa authentication ppp default if-needed tacacs+