How to fix pfSense FreeRADIUS Login incorrect (eap_peap: TLS Alert read:fatal:access denied)
Problem:
When trying to login using WPA-EAP or 802.1X using the RADIUS protocol for authentication, you see an error message like
(235) Login incorrect (eap_peap: TLS Alert read:fatal:access denied): [uli/<via Auth-Type = eap>] (from client APs port 0 cli 98-55-2B-A9-76-B9)
Solution
The issue in my case was that the CA certificate was not valid any more. Go to
Services => FreeRADIUS => EAP
and scroll down to Certificates for TLS
You need to choose correct, valid certificates for both theĀ SSL CA Certificate
and theĀ SSL Server Certificate
. The CA must be the CA that issued the server certificate. It is recommended to use self-signed certificates for RADIUS EAP.