OK - Great, I know you have the basic covered.
What version of PANW?
What version of CPPM?
You don't have multi-vsys do you?
Nn 'funny' permit/deny rules in PANW stopping CPPM post the data to the PANW node?
After a user associates to an ssid and you get the auth in CPPM, do you see in the access tracer for the user session an 'Accounting' Tab for the session?