How to fix pfSense FreeRADIUS Login incorrect (eap_peap: TLS Alert read:fatal:access denied)

Problem:

When trying to login using WPA-EAP or 802.1X using the RADIUS protocol for authentication, you see an error message like

freeradius_error.txt

(235) Login incorrect (eap_peap: TLS Alert read:fatal:access denied): [uli/<via Auth-Type = eap>] (from client APs port 0 cli 98-55-2B-A9-76-B9)

(235) Login incorrect (eap_peap: TLS Alert read:fatal:access denied): [uli/<via Auth-Type = eap>] (from client APs port 0 cli 98-55-2B-A9-76-B9)

Solution

The issue in my case was that the CA certificate was not valid any more. Go to

Services => FreeRADIUS => EAP

and scroll down to Certificates for TLS You need to choose correct, valid certificates for both the SSL CA Certificate and the SSL Server Certificate. The CA must be the CA that issued the server certificate. It is recommended to use self-signed certificates for RADIUS EAP.

Check out similar posts by category: Networking

If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow

Buy me a coffee