3.10.54. EAP_TTLS_AllowInReply Previous topic Parent topic Child topic Next topic

For EAP-TTLS authentication, this optional parameter tells Radiator to allow only the specified attributes in replies to EAP-TTLS clients. Attributes that are not allowed are silently ignored.
By default, the following attributes are allowed in requests:
  • EAP-Message
  • MS-CHAP2-Success
These are the attributes from EAP-TTLS RFC 5281 except of the password change related attributes, which are currently not allowed by default.
Here is an example of using EAP_TTLS_AllowInReply:
# Also allow our vendor specific attribute in EAP-TTLS replies
EAP_TTLS_AllowInReply OSC-AVPAIR, EAP-Message, MS-CHAP2-Success