We need to see the debug for
debug aaa authorization
debug aaa per
debug radius
Based on that we can decode the authorization attributes passed to 3640 with "access accept" reply.
By the way, do you see any special attributes configured for that user in IAS?
You can just configure IAS with basic authorization attributes required and test it.