How to fix pfSense FreeRADIUS Login incorrect (eap_peap: TLS Alert read:fatal:access denied)

Problem:

When trying to login using WPA-EAP or 802.1X using the RADIUS protocol for authentication, you see an error message like

(235) Login incorrect (eap_peap: TLS Alert read:fatal:access denied): [uli/<via Auth-Type = eap>] (from client APs port 0 cli 98-55-2B-A9-76-B9)

Solution

The issue in my case was that the CA certificate was not valid any more. Go to

Services => FreeRADIUS => EAP

and scroll down to Certificates for TLS You need to choose correct, valid certificates for both the SSL CA Certificate and the SSL Server Certificate. The CA must be the CA that issued the server certificate. It is recommended to use self-signed certificates for RADIUS EAP.