I'm in the process of consolidating a large number of SSID's into a single SSID using dynamic VLANS. I have followed the Ruckus documentation for configuring the appropriate attributes on the RADIUS server, and have an SSID set up for dynamic vlans on the Zonedirector.
My test clients connect to the SSID, and are prompted for credentials. I can see the credentials accepted on the NPS server, and wireshark confirms the Access-Accept message contains the Tunnel-Private-Group-ID value for the desired VLAN.
At this point the client stalls trying to get a DHCP lease. The DHCP server is working, as these are existing scopes and subnets and I can connect a wired client into the switch on an access port for the same vlan and get a lease.
Wireshark shows no DHCP broadcast request from the client at all.
The switchport for the AP is a trunk, with the VLAN tagged and allowed.
I would suggest creating a test wlan in the clear so you can read the wireless capture and put it on a static VLAN to match the DVLAN is supposed to be assigned to, and see if you can get an IP that way and see if the client sends a DHCP discover.
You might want to mirror the AP's port and see if the AP got the Discover packet and if it's sending it out with the proper tag.
I did as you suggested and created a test WLAN with a static VLAN matching the DVLAN I am testing. The client associated and the DHCP request is seen in the packet capture, and the client receives an IP address assignment for the correct VLAN.