For EAP-TTLS authentication, this optional parameter tells Radiator to allow only the specified attributes in replies to EAP-TTLS clients. Attributes that are not allowed are silently ignored.

By default, the following attributes are allowed in requests:

These are the attributes from EAP-TTLS RFC 5281 except of the password change related attributes, which are currently not allowed by default.

Here is an example of using EAP_TTLS_AllowInReply:

# Also allow our vendor specific attribute in EAP-TTLS replies
EAP_TTLS_AllowInReply OSC-AVPAIR, EAP-Message, MS-CHAP2-Success