I would also say, can you get the logs.log from the client, if you are using the PAM client ? That may give us some ideas
Have you been able to check at the AD what happens when the client tries to access the PAM server ? Does it really get authenticated and is it the Radius that is throwing it back ?
The other thing you may want to do is to enable trace at the java console and gather the logs. That will tell us why java seems not able to connect
As a last resource: get wireshark and repeat the process, then capture the packets. That may give a clue