3.10.53. EAP_TTLS_AllowInRequest Previous topic Parent topic Child topic Next topic

For EAP-TTLS authentication, this optional parameter tells Radiator to allow only the specified attributes in requests from EAP-TTLS clients. Attributes that are not allowed are ignored and logged on debug level.
By default, the following attributes are allowed in requests.
  • User-Name
  • User-Password
  • CHAP-Password
  • CHAP-Challenge
  • EAP-Message
  • MS-CHAP-Response
  • MS-CHAP-Challenge
  • MS-CHAP2-Response
These are the attributes from EAP-TTLS RFC 5281 except of the password change related attributes, which are currently not allowed by default.
Here is an example of using EAP_TTLS_AllowInRequest:
# Also allow our vendor specific attribute in EAP-TTLS requests
EAP_TTLS_AllowInRequest OSC-AVPAIR, User-Name, User-Password, \
         CHAP-Password, CHAP-Challenge, EAP-Message, \
         MS-CHAP-Response, MS-CHAP-Challenge, MS-CHAP2-Response