Purely guessing here, but that’s how a lot of troubleshooting starts…
Do any of the logs (you ARE logging?) show the full user name? I’ve seen some cases where the user’s name was pre-pended with their local machine name instead of standing alone or being prepended with the domain name.
Failing log info, then start sniffing the authentication traffic.
My gut instinct (especially when using IAS to pass through authentication credentials) is to suspect a windows-like name issue. When you’re doing stand-alone RADIUS, this is not seen as often.