Thanks for reply.
I carefully read the documentation and realized that this function is for other tasks.
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
And now I have another problem. I have L2TP/IPSec server on my Mikrotik router. I want use
LDAP credentials (login + pass from FreeIPA) + FreeIPA OTP to authenticate on my
L2TP/IPSec server (on Mikrotik router). I deploy FreeRADIUS and it connect to LDAP
(FreeIPA), find user+pass and permit login in VPN.
But Mikrotik's radius client use only MS-CHAPv2 and I must add NT Hash for each
LDAP-user. And with NT hash I can not use FreeIPA OTP (NT hash static generated from
password only).
Is there way to use FreeIPA LDAP with OTP + FreeRADIUS for authenticate on VPN server
witch use MS-CHAPv2?
So I want use LDAP credentials for local login to system and LDAP credentials + FreeIPA
OTP for login to VPN.
I really want use FreeIPA OTP, because FreeIPA provides a personal area for each user.
User can change own pass, add OTP by himself, etc.
I hope that I can be understood. :-)