Are you using user-roles? No, I don't see any user-roles configured.
If not using user-roles, you can do show port-access <authenticator> or <mac-based>
We don't do mac-based auth on switch level, so I guess I'll need this <authenticator>-thing though I have no clue what that should be...
EDIT: hmm looks to me no authenticator is configured...
show port-access authenticator
gives me the following;
Port-access authenticator activated [No] : No
Allow RADIUS-assigned dynamic (GVRP) VLANs [No] : No
Use LLDP data to authenticate [No] : No
The other thing to check is if you have "ip client-tracker trusted" enabled in the config
It's there in the config alright, is ip client-tracker trusted enough? We also have ip client-tracker probe-delay 270 but that seems rather harmless of a setting...