when I deploy freeipa with build-in LDAP( 389 DS), and create user with OTP password enabled, I can integrate into freeradius with LDAP module to authenticate against Network Access Service( Switch.etc) with user's password and OTP password.
My question is that, our vpn only supports MSchap authenticaion, while I want to use MS Active Directory as freeipa datastore ( Don't use 389 DS) , if OTP works as well, it's great.
yet judging from https://www.freeipa.org/page/V4/OTP, it's only applicable to LDAP.
freeipa-users@lists.fedorahosted.org