When you use RADIUS authentication on the concentrator, the ACS server will automatically send all the user attributes to the concentrator for the user that is connecting. There is no need to have Authorization to be configured on the RADIUS server.
According to the logs, seems like the IP pool is the problem.
Group [GroupP] User [tuser] Obtained IP addr (192.168.32.128) prior to initiating Mode Cfg (XAuth enabled)
Group [GroupP] User [tuser] Sending subnet mask (255.255.255.224) to remote client
Group [GroupP] User [tuser] Attempted to assign network or broadcast IP address, removing (192.168.32.128) from pool
After this, I see the client negotiation again and the client gets connected.
So, the IP address is removed from the pool. Please make sure you configure a pool that doesnt have any broadcast IP address.
Rate it, if this post helps.