Hi Alai,
As you have segregated the issue to till the point that ACS indeed is sending ACCESS-ACCEPT.
Now to troubleshoot this issue. First I would recommend you to only turn on Authentication on Nokia/checkpoint Nortel/AD3 and Nortel 5510 and turn off authorization if configured on these devices. And then check if you are able to log in.
And the exact reason why your access was denied on those devices could only be found by turning some sort of debugs, which will tell you whay those devices denied the request, even though radius server allowed them. It could it was looking for some extra attribute, or it could be timeout issue, i.e. ACCESS-ACCEPT never reached that device etc etc.
But the real reason, if Radius server authenticated the user, could only be found from device debugs.
Regards,
Prem