josu-k35
i'll be preparing a forum post on this soon enough (next week i hope), values over 1000ms are problematic for recent Apple devices at a minimum and you should exercise care in using anything greater than a few hundred msec.
And yes, TAC are guilty of using slapdash values - myself included and it is for this reason I recently discovered a problem with iOS8 and the usual values that we like to use on these timers (long story short, if the time is too long between eap-success and wpa2-key1, Apple device appears to start to scan and is gone by the time controller starts key exchange, which ends up seriously prolonging the exchange or failing completely)
Please reset all timers to default, ensure you have eapol rate optimsation turned on in the SSID profile, and see how the client behaves from auth trace buf under 'regular' conditions.
You can also look at enabling 'packet-capture wifi-client' and taking a look at the actual transaction (more or less mirrors the auth trace buf, but better granularity) to see what is going on.
regards
-jeff