Re: Multiple authenication methods
I just guess that you are talking about something usually called 'chained authentication'.
So situation where user's name and password is verified against LDAP and then 2FA token verified against RADIUS.
AFAIK you can have LDAP based users with 2FA token on FortiGate, but user account is created on FortiGate, just pointing to LDAP, and token is also FortiToken, configured on FortiGate.
Keep in mind that FortiGate's primary role is firewall. Not NPS (Network Policy Server)!
If you need chained authentication towards 3rd party LDAP and another 3rd party RADIUS (two different servers), like users in LDAP and tokens in RSA, then this is supported on FortiAuthenticator, only.
Do you really have two separate servers for authentication ?
Could you consolidate them somehow or change auth schema?
(Like use FortiTokens on FortiGate directly for LDAP users, without RADIUS, or if mentioned RADIUS is MSFT NPS then this could be used over RADIUS but de-facto authenticating users against AD back-end.)
There is always multiple ways how to set it up, all depends on what you have, need, and is able to change.