Problem:
When trying to login using WPA-EAP or 802.1X using the RADIUS protocol for authentication, you see an error message like
(235) Login incorrect (eap_peap: TLS Alert read:fatal:access denied): [uli/<via Auth-Type = eap>] (from client APs port 0 cli 98-55-2B-A9-76-B9)
Solution:
The issue in my case was that the CA certificate was not valid any more. Go to
Services => FreeRADIUS => EAP
and scroll down to Certificates for TLS
You need to choose correct, valid certificates for both the SSL CA Certificate and the SSL Server Certificate. The CA must be the CA that issued the server certificate. It is recommended to use self-signed certificates for RADIUS EAP.