I have IAS set up on my organization's AD domain controller. Multiple policies are set up for various authorization scenarios, authenticating based on Windows user groups and client IP, and authorizing by passing "shell:priv-lvl=#" where # = desired privilege level. On my IOS devices I have:
!snipped aaa server groups definitions
aaa authentication login outside group RadiusServers local
aaa authentication login inside local
aaa authorization exec outside
!snipped radius server definitions
!#### = some vlan interface on switch
ip radius source-interface ####
line con 0
 login authentication inside
line vty 0 4
 login authentication outside
 authorization exec outside
This identical configuration operates correctly on a Cisco 3825 and a Catalyst 4506. On the 24-port Cat 3560G PoE running 12.2SE (I do not recall the exact IOS version, but I know it is in that release train) that I am currently working on, every attempt to log in via ssh passes authentication but fails authorization, displaying %Authorization Failed on the terminal and a message stating that "No appropriate privilege level found for user" in the debug statement from RADIUS.
Does anyone have any experience with a similar issue, and if so, what was your fix? I have verified correct server addresses, correct source-interfaces, and that configs between the three devices match exactly with regard to aaa.
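A check that can be run alongside the RADIUS debug described in the post, as an added example that is not part of the original post: it parses a captured Access-Accept (RFC 2865 layout) and reports whether a well-formed "shell:priv-lvl=N" Cisco AV-pair is present. The function names and the build_accept helper are hypothetical, and the sample packets it builds are constructed, with a zeroed authenticator.

```python
import struct

ACCESS_ACCEPT, VENDOR_SPECIFIC = 2, 26      # RFC 2865 packet code / attribute type
CISCO_VENDOR_ID, CISCO_AVPAIR = 9, 1        # Cisco enterprise number / AV-pair subtype


def cisco_avpairs(packet: bytes) -> list:
    """Return every Cisco-AVPair string carried in a RADIUS Access-Accept."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT:
        raise ValueError(f"not an Access-Accept (code {code})")
    if not 20 <= length <= len(packet):
        raise ValueError("length field disagrees with captured bytes")
    pairs, pos = [], 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError(f"malformed attribute at offset {pos}")
        value = packet[pos + 2:pos + alen]
        pos += alen
        if atype != VENDOR_SPECIFIC or len(value) < 6:
            continue  # not a vendor-specific attribute, e.g. Service-Type
        vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
        if vendor == CISCO_VENDOR_ID and vtype == CISCO_AVPAIR and 2 <= vlen <= len(value) - 4:
            pairs.append(value[6:4 + vlen].decode("ascii", "replace"))
    return pairs


def priv_level(packet: bytes):
    """Return N from a well-formed shell:priv-lvl=N pair (0..15), else None."""
    for pair in cisco_avpairs(packet):
        name, sep, val = pair.partition("=")
        if name == "shell:priv-lvl" and sep and val.isdigit() and int(val) <= 15:
            return int(val)
    return None


def build_accept(avpairs, extra=b""):
    """Constructed sample: Access-Accept with a zeroed authenticator."""
    attrs = extra
    for text in avpairs:
        data = text.encode("ascii")
        vsa = struct.pack("!IBB", CISCO_VENDOR_ID, CISCO_AVPAIR, len(data) + 2) + data
        attrs += struct.pack("!BB", VENDOR_SPECIFIC, len(vsa) + 2) + vsa
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attrs)) + bytes(16) + attrs
```

Feed priv_level() the raw UDP payload of the server's reply taken from a packet capture; a result of None means the reply carried no usable privilege-level pair in the Cisco vendor-specific attribute.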