MAC Authentication Queries

FreeRAD yetifreerad at gmail.com
Thu Sep 26 08:26:05 UTC 2024


Hi Team,

I have recently set up MAC Authentication to happen before my EAP
authentication takes over and just had some questions about the
configuration I used (found here
<https://wiki.freeradius.org/guide/Mac-Auth>).

The page states that you should use the below configuration to make this
work:

        if (!ok) {
                # Reject if the MAC address was not permitted.
                reject
        }

        # If this is NOT 802.1x, mac-auth
        if (!EAP-Message) {
                # MAC address has already been checked, so accept
                update control {
                        Auth-Type := Accept
                }
        }
        else {
                # Normal FreeRADIUS virtual server config goes here e.g.
                eap
        }
}

But seemingly whenever I enclose the rest of my Authorize config within the
final 'else' statement I get an error:



/etc/freeradius/3.0/sites-enabled/default[526]: Failed to find "Autz-Type" as a module or policy.
/etc/freeradius/3.0/sites-enabled/default[526]: Please verify that the configuration exists in /etc/freeradius/3.0/mods-enabled/Autz-Type.
/etc/freeradius/3.0/sites-enabled/default[526]: Failed to parse "Autz-Type" subsection.
/etc/freeradius/3.0/sites-enabled/default[285]: Errors parsing authorize section.

If I then take out the 'else' entirely, the error then disappears and my
server seems to work fine. It performs the MAC auth, then goes through to
doing the EAP-TTLS auth.

My question is, is removing the else going to cause issues, and if so, how
can I get around my error?

Many thanks!
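
An added example, not part of the original post and not FreeRADIUS project code: one authorize layout in which the wiki's `else` wrapper and an `Autz-Type` subsection coexist. FreeRADIUS 3 loads `Autz-Type` subsections only when they are direct children of `authorize`, and treats one nested inside `if`/`else` as a module name, which matches the error quoted above. Assumptions: `preprocess`, `rewrite_calling_station_id` and `authorized_macs` are taken from the linked wiki guide, and `Status-Server` stands in for whichever `Autz-Type` sits at line 526 of the poster's file, which the post does not show.

```text
authorize {
        preprocess

        # Assumed from the linked wiki guide: normalise the MAC, then look it up.
        rewrite_calling_station_id
        authorized_macs

        if (!ok) {
                # Reject if the MAC address was not permitted.
                reject
        }

        # If this is NOT 802.1X, treat the request as MAC auth.
        if (!EAP-Message) {
                # MAC address has already been checked, so accept.
                update control {
                        Auth-Type := Accept
                }
        }
        else {
                # Only module and policy calls go inside the else.
                eap
        }

        # Autz-Type subsections stay at the top level of authorize,
        # outside the if/else. Status-Server is an assumed stand-in for
        # the subsection reported at default[526].
        Autz-Type Status-Server {
                ok
        }
}
```

Running `freeradius -XC` parses the configuration and exits, so the layout can be checked before restarting the service.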

