If you need someone to troubleshoot with you, it is probably best to reach out to your Aruba partner or to Aruba support.
In the case you have an error in the return attributes or in the role content, what I have seen few times is that in the show port-access clients <port> detail, it says: rejected, no vlan. On how to troubleshoot that, I created a video: https://www.youtube.com/watch?v=IayTBrXVznE
Key commands there on the switch are:
debug destination session
debug event
If that doesn't give enough, you can, in addition, debug the following:
debug security port-access
debug security radius-server
It is hard to tell what to look for as there is barely information in your reports. In my experience, watching these logs live as they come in, together with someone who has seen more of these logs is the most effective way to solve the issue. Reach out to your Aruba partner or Aruba TAC for such a live troubleshooting session if you can't make sense out of the debug logs.