FreeRadius authentication and check-items

  • I have been playing around and trying to figure out the freeradius package for wifi authentication. I have multiple SSIDs with different Vlans and I wanted to use the check-item attribute Called-Station-ID =~ ".*(:SSID_HERE)$" to restrict users to a specific SSID.
    For users/clients authenticating with a username and password the check-item attributes work just fine. But for clients using a client certificate the check-item attributes seem to be ignored entirely.
    I have also played around with other attributes like NAS-IP-Address and Calling-Station-ID with the same results.