After following this guide I have a functional RADIUS server authenticating requests to PAM (and then to AD via SSSD), but whatever magic is supposed to lead PAM (or RADIUS? I can't tell where this is supposed to happen) to strip off the last six characters received and use them as your OTP code doesn't appear to be happening. If I put in my password, I get an Accept, if I put in my password with OTP immediately appended, I get a reject.
After following this guide I have a functional RADIUS server authenticating requests to PAM (and then to AD via SSSD), but whatever magic is supposed to lead PAM (or RADIUS? I can't tell where this is supposed to happen) to strip off the last six characters received and use them as your OTP code doesn't appear to be happening. If I put in my password, I get an Accept, if I put in my password with OTP immediately appended, I get a reject.