rlm_eap_ttls
Synopsis
Processing Sections
None.  This is a sub-module of eap, and cannot be used on its own.
Expansions
None.
Directives
- Syntax
- 
copy_request_to_tunnel = boolean 
- Default
- 
no 
- Description
- 
The tunneled authentication request does not usually contain useful attributes such as Calling-Station-Id. These attributes are outside of the tunnel. When this configuration entry is set to yes, any attribute which is not in the tunneled authentication request, but which is available outside of the tunnel, is copied to the tunneled request.
This directive should be set to yes only for compatibility.  In
version 2 and later, the outer attributes can be referred to from the
inner session, by using outer.request:Attribute-Name.  See the
unlang documentation for more information on attribute references.
allowed values: {no, yes}
- Syntax
- 
default_eap_type = string 
- Default
- 
md5 
- Description
- 
The tunneled EAP session needs a default EAP type which is separate from the one for the non-tunneled EAP module. Inside of the TTLS tunnel, we recommend using EAP-MD5. If the request does not contain an EAP conversation, then this configuration entry is ignored.
- Syntax
- 
include_length = boolean 
- Default
- 
yes 
- Description
- 
This directive has the same meaning, the same overwrites, and the same field as in the tls configuration.
- Syntax
- 
require_client_cert = boolean 
- Default
- 
yes 
- Description
- 
Unlike EAP-TLS, EAP-TTLS does not require a client certificate. However, you can require one by setting the following option. You can also override this option by setting EAP-TLS-Require-Client-Cert = Yes in the control items for a request.
- Syntax
- 
tls = string 
- Default
- 
tls_common 
- Description
- 
Points to the common TLS configuration, which is documented in tls-common. 
- Syntax
- 
use_tunneled_reply = boolean 
- Default
- 
no 
- Description
- 
The reply attributes sent to the NAS are usually based on the name of the user outside of the tunnel (usually anonymous). If you want to send the reply attributes based on the user name inside of the tunnel, then set this configuration entry to yes, and the reply to the NAS will be taken from the reply to the tunnelled request.
allowed values: {no, yes}
- Syntax
- 
virtual_server = string 
- Default
- 
inner-tunnel 
- Description
- 
The inner tunnelled request can be sent through a virtual server constructed specifically for this purpose. If this entry is commented out, the inner tunnelled request will be sent through the virtual server that processed the outer requests.
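
The configuration fragment below is an added example, not taken from the FreeRADIUS distribution. It shows the alternative to copy_request_to_tunnel = yes described above: the ttls section keeps the default of no, and the virtual server named by virtual_server copies one outer attribute through outer.request:. The choice of Calling-Station-Id, the surrounding eap section and the contents of the authorize section are assumptions.

```conf
# Added example (fragment): ttls sub-section of the eap module configuration.
eap {
	ttls {
		tls = tls_common                  # default value as listed on this page
		default_eap_type = md5
		include_length = yes

		# Keep the default. Outer attributes are not copied wholesale
		# into the tunneled request.
		copy_request_to_tunnel = no

		# Reply to the NAS is built from the outer session.
		use_tunneled_reply = no

		# Inner requests are processed by a dedicated virtual server.
		virtual_server = "inner-tunnel"
	}
}

# Added example (fragment): the virtual server named above.
server inner-tunnel {
	authorize {
		# Copy only the outer attribute the inner policy needs,
		# and only when the NAS actually sent it.
		if ("%{outer.request:Calling-Station-Id}" != "") {
			update request {
				Calling-Station-Id := "%{outer.request:Calling-Station-Id}"
			}
		}

		# The site's usual inner authorization modules follow here
		# (assumption: the tunneled request carries an EAP conversation).
		eap
	}
}
```

Attributes read through outer.request: come from outside the TLS tunnel, so inner policy should treat them as supplied by the NAS rather than by the authenticated user.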