Thanks for the reply.

I carefully read the documentation and realized that this function is for other 
tasks.
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/otp#migrating-proprietary-otp

And now I have another problem. I have an L2TP/IPSec server on my Mikrotik router. 
I want to use LDAP credentials (login + pass from FreeIPA) + FreeIPA OTP to 
authenticate on my L2TP/IPSec server (on the Mikrotik router). I deployed FreeRADIUS 
and it connects to LDAP (FreeIPA), finds the user + pass and permits login to the VPN.
But Mikrotik's RADIUS client uses only MS-CHAPv2 and I must add an NT hash for each 
LDAP user. And with the NT hash I cannot use FreeIPA OTP (the NT hash is statically 
generated from the password only).

Is there a way to use FreeIPA LDAP with OTP + FreeRADIUS to authenticate on a VPN 
server which uses MS-CHAPv2?
So I want to use LDAP credentials for local login to the system and LDAP credentials + 
FreeIPA OTP for login to the VPN.

I really want to use FreeIPA OTP, because FreeIPA provides a personal area for 
each user. A user can change his own pass, add OTP by himself, etc.

I hope that I can be understood. :-)