You have multiple problems:
- You should only have the ClearPass TACACS server in your server group.
- The Clearpass TACACS server is showing out of service because you probably did not set a TACACS+ key in ClearPass under Network> Devices> Aruba Controller
- For now, your "Default Role" on the controller should be root, because you are not returning any aruba-admin-user radius attribute. Any authentication by a radius server that does not return that attribute gets the default role (no access). You can lock that down when you get authentication working..