Thanks for reply.
I carefully read the documentation and realized that this function is for other tasks. https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm...
And now I have another problem. I have L2TP/IPSec server on my Mikrotik router. I want use LDAP credentials (login + pass from FreeIPA) + FreeIPA OTP to authenticate on my L2TP/IPSec server (on Mikrotik router). I deploy FreeRADIUS and it connect to LDAP (FreeIPA), find user+pass and permit login in VPN. But Mikrotik's radius client use only MS-CHAPv2 and I must add NT Hash for each LDAP-user. And with NT hash I can not use FreeIPA OTP (NT hash static generated from password only).
Is there way to use FreeIPA LDAP with OTP + FreeRADIUS for authenticate on VPN server witch use MS-CHAPv2? So I want use LDAP credentials for local login to system and LDAP credentials + FreeIPA OTP for login to VPN.
I really want use FreeIPA OTP, because FreeIPA provides a personal area for each user. User can change own pass, add OTP by himself, etc.
I hope that I can be understood. :-)