First of all you should add your radius servers to server group in your controller(Configuration>Authentication>Servers>Radius Server. Then under VAP profile, you shoud point this server group in aaa profile related to your profile.
Then your initial role(role before authentication) for your users should be logon and Default Role for 802.1x Authentication(role after 802.1x authentication) must be authenticated.
Check for your Captive Portal authentication. And disable it if neccesarry.
Optionally, you can use Aruba Controller's internal server for radius services.