Configure PIX to use both TACACS and RADIUS for VPN

PIX 506E using ver 6.3: Whenever I add the command "crypto map mymap client authentication PARTNERAUTH" it removes the current TACACS+ client authentication. I need to have both until I've finished testing the radius server. Can I add an additional crypto map designation command to accommodate and use both the current TACACS+ (ACS) and RADIUS?

Hi,
Unfortunately what you want to do cannot be done on the PIX. Let's say that you have
multiple VPN groups on your firewall; as soon as you apply the following command:
crypto map mymap client authentication partnerauth
where partnerauth can be a RADIUS, TACACS, TACACS+ or ACS server:
aaa-server partnerauth protocol radius
aaa-server partnerauth (inside) host 172.18.124.196 cisco123
As soon as you use "crypto map mymap client authentication partnerauth", the authentication
is applied globally on the crypto map, thus affecting all the VPN groups configured.
You can have multiple VPN groups running on your firewall (dynamic crypto maps), but you
need to associate them to a static crypto map (crypto dynamic-map dynmap 10 set
transform-set myset).
You can only have one crypto map applied to one interface. When you apply this line:
"crypto map mymap client authentication partnerauth"
the authentication is applied to ALL the clients; we cannot separate the extended
authentication based on the VPN group or IP address.
Please rate if that helps !
Regards,
~JG

Similar Messages

  • Should I use both GetList and  GetDetail for creating a Data Object?

    Hello, all.
    First of all, thanks for your interest.
    1. I wonder whether I can make a BAPI Wrapper as a Data Object using only GetList.
    When I make a BAPI Wrapper as a Data Object using only GetList, SAP shows me a message.
    The message says a Data Object can have one root node only (hierarchy = 1).
    It means I should use both GetList and GetDetail.
    I understand that.
    If I need to use only GetList, is there any way?
    Thanks for your interest again.

    Hi
    I think you are trying to import a BAPI wrapper as a data object and you are using only the "GetList" BAPI.
    In such a case, the data object created will have only a root node, i.e. Hierarchy = 1.
    This is because the GetList BAPI has only the info about the root node (i.e., table parameter).
    If you have multiple tables in BE and you want to create a DO with multiple nodes (hierarchy > 1) using BAPI wrapper import, then you have to use the "GetDetail" BAPI along with GetList.
    Regards
    Rohith

  • Can we use both 0FI_AP_3 and 0FI_AP_4 for Delta Loads at the same time.....

    Hi Gurus:
    Currently my company uses 0FI_AP_3 for some A/P reporting. It has been heavily customized and uses Delta loading. However, SAP recommends the use of "0FI_AP_4" for A/P data for delta loads. I was able to activate 0FI_AP_4 as well and do some Full Loads in Dev/Test boxes. The question is whether I can use both extractors for "Delta" loads at the same time. If there are any issues, what is the issue and how can I resolve it? Is the use of only one extractor recommended?
    Please let me know as this impacts a lot of my development! Thanks.
    Best, ShruMaa
    PS: I had posted this in the "BI Extractors" forum but there has been no response. Hope to get some response! Thanks

    Hi,
    I would recommend you to use 0FI_AP_4 rather than using both, for several reasons:
    1. DS 0FI_AP_4 replaces DataSource 0FI_AP_3 and still uses the same extraction structure. For more details refer to OSS note 410797.
    2. You can run 0FI_AP_4 independent of any other FI DataSources like 0FI_AR_4 and 0FI_GL_4 or even 0FI_GL_14. For more details refer to OSS note 551044.
    3. Map 0FI_AP_4 to DSO 0FIAP_O03 (or create a Z one as per your requirement).
    4. Load the same to an InfoCube (0FIAP_C03).
    Hope this helps.
    Thanks.
    Nazeer

  • How to configure PlugAccts that use both balance and flow type source accounts?

    In this application I am maintaining, there is a plugAcct that is account type liability.  The source accounts for this plug account are revenue, expense, asset, and liability (approx 30 accts).  The data in the source accounts balances perfectly by entity.  That is, the credits exactly equal the debits in the source accounts, so the plug account should net to zero at the base entity level (value dimension = elimination).  However, there is a balance in the plug account at the base entity level (value dimension member = elimination).  What is happening is that when eliminations are calculated they are using periodic values for the flow type accounts. The balance in the plugAcct is equal to the prior months YTD total. So only the current month activity is being eliminated.  I changed the account type for the plugAcct to revenue (from liability) and tried again.  This did not resolve the problem. There is no custom consolidation logic in this application.  The scenario is configured for YTD numbers (it is an Actuals scenario).  Balances are always loaded YTD. And yes it is fully consolidated.
    Any ideas?

    Set up your mac.com account again on devices.  Turn off Mail and other data syncing with this account on your wife's devices for data that you want to keep separate.  Then set up a second ("secondary") iCloud account on your wife's devices to sync Mail.
    If you already set up a separate iCloud account on your wife's devices, on her devices go to Settings>iCloud, tap Delete Account, then sign back in with your mac.com ID.  Turn on the data you want to share with this account across all devices; don't turn Mail on.  Then go to Settings>Mail,Contacts,Calendars>Add Account>iCloud and enter her separate iCloud credentials and turn Mail to On.
    The only downside to this approach is that her email will be fetch, not push email.  Push email is only supported in the main ("primary") account, not a secondary account.
    The limitations to be aware of with secondary accounts are that only the primary account can be used for Photo Stream, Bookmarks, Documents, iCloud Backup and Find My Device.  Also, push mail only works for the primary account; secondary account mail is fetch.

  • Why does TestStand use both comma and period for decimal point separation?

    TestStand stores our test data to a SQL server using a SQL Server Stored Proc, but for some reason a comma is used as the decimal separator (double values) for "PROP_NUMERICLIMIT.HighLimit" and "PROP_NUMERICLIMIT.LowLimit", but not for "PROP_RESULT.Data" (or any other numeric value field). Why is that? I haven't been able to figure out if it is a bug or if I have missed some step in the configuration.

    I ran across this in the TestStand Help. You might want to try the change in the ODBC Administrator.
    When you use the MySQL ODBC driver and the operating computer specifies a comma character as the decimal symbol character, the ODBC driver might return an error because the ODBC driver internally converts a floating-point value to a string value. The computer locale causes MySQL to interpret the comma decimal symbol character in the SQL syntax as a multi-value list character separator. Configure the MySQL data source in the ODBC Administrator and enable the Don't Use Set Locale option in the Miscellaneous Options section to resolve this error.

  • Everytime I try to open a creative cloud product, the program closes. I need to use both illustrator and indesign for school and I was wondering if anyone had any advice on how to actually make the program work?

    If anyone has any advice on how to make creative cloud programs work please let me know!
    Any help is appreciated.

    These questions below may be for a different product... but the KIND of information you need to supply is the same, for the products you use
    More information needed for someone to help... please click below and provide the requested information
    -Premiere Pro Video Editing Information FAQ http://forums.adobe.com/message/4200840

  • Cisco ISE with TACACS+ and RADIUS both?

    Hello,
    I am initiating wired authentication on an existing network using Cisco ISE. I have been studying the requirements for this. I know I have to turn on RADIUS on the Cisco switches on the network. The switches on the network are already programmed for TACACS+. Does anybody know if they can both operate on the same network at the same time?
    Bob

    Hello Robert,
    I believe NO, they both won't work together as both TACACS and Radius are different technologies.
    It's just because that TACACS encrypts the whole message and Radius just the password, so I believe it won't work.
    For your reference, I am sharing the link for the difference between TACACS and Radius.
    http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094e99.shtml
    Moreover, please review the following information as well.
    Compare TACACS+ and RADIUS
    These sections compare several features of TACACS+ and RADIUS.
    UDP and TCP
    RADIUS uses UDP while TACACS+ uses TCP. TCP offers several advantages over UDP. TCP offers a connection-oriented transport, while UDP offers best-effort delivery. RADIUS requires additional programmable variables such as re-transmit attempts and time-outs to compensate for best-effort transport, but it lacks the level of built-in support that a TCP transport offers:
    TCP usage provides a separate acknowledgment that a request has been received, within (approximately) a network round-trip time (RTT), regardless of how loaded and slow the backend authentication mechanism (a TCP acknowledgment) might be.
    TCP provides immediate indication of a crashed, or not running, server by a reset (RST). You can determine when a server crashes and returns to service if you use long-lived TCP connections. UDP cannot tell the difference between a server that is down, a slow server, and a non-existent server.
    Using TCP keepalives, server crashes can be detected out-of-band with actual requests. Connections to multiple servers can be maintained simultaneously, and you only need to send messages to the ones that are known to be up and running.
    TCP is more scalable and adapts to growing, as well as congested, networks.
    Packet Encryption
    RADIUS encrypts only the password in the access-request packet, from the client to the server. The remainder of the packet is unencrypted. Other information, such as username, authorized services, and accounting, can be captured by a third party.
    TACACS+ encrypts the entire body of the packet but leaves a standard TACACS+ header. Within the header is a field that indicates whether the body is encrypted or not. For debugging purposes, it is useful to have the body of the packets unencrypted. However, during normal operation, the body of the packet is fully encrypted for more secure communications.
    Authentication and Authorization
    RADIUS combines authentication and authorization. The access-accept packets sent by the RADIUS server to the client contain authorization information. This makes it difficult to decouple authentication and authorization.
    TACACS+ uses the AAA architecture, which separates AAA. This allows separate authentication solutions that can still use TACACS+ for authorization and accounting. For example, with TACACS+, it is possible to use Kerberos authentication and TACACS+ authorization and accounting. After a NAS authenticates on a Kerberos server, it requests authorization information from a TACACS+ server without having to re-authenticate. The NAS informs the TACACS+ server that it has successfully authenticated on a Kerberos server, and the server then provides authorization information.
    During a session, if additional authorization checking is needed, the access server checks with a TACACS+ server to determine if the user is granted permission to use a particular command. This provides greater control over the commands that can be executed on the access server while decoupling from the authentication mechanism.
    Multiprotocol Support
    RADIUS does not support these protocols:
    AppleTalk Remote Access (ARA) protocol
    NetBIOS Frame Protocol Control protocol
    Novell Asynchronous Services Interface (NASI)
    X.25 PAD connection
    TACACS+ offers multiprotocol support.
    Router Management
    RADIUS does not allow users to control which commands can be executed on a router and which cannot. Therefore, RADIUS is not as useful for router management or as flexible for terminal services.
    TACACS+ provides two methods to control the authorization of router commands on a per-user or per-group basis. The first method is to assign privilege levels to commands and have the router verify with the TACACS+ server whether or not the user is authorized at the specified privilege level. The second method is to explicitly specify in the TACACS+ server, on a per-user or per-group basis, the commands that are allowed.
    Interoperability
    Due to various interpretations of the RADIUS Request for Comments (RFCs), compliance with the RADIUS RFCs does not guarantee interoperability. Even though several vendors implement RADIUS clients, this does not mean they are interoperable. Cisco implements most RADIUS attributes and consistently adds more. If customers use only the standard RADIUS attributes in their servers, they can interoperate between several vendors as long as these vendors implement the same attributes. However, many vendors implement extensions that are proprietary attributes. If a customer uses one of these vendor-specific extended attributes, interoperability is not possible.
    Traffic
    Due to the previously cited differences between TACACS+ and RADIUS, the amount of traffic generated between the client and server differs. These examples illustrate the traffic between the client and server for TACACS+ and RADIUS when used for router management with authentication, exec authorization, command authorization (which RADIUS cannot do), exec accounting, and command accounting (which RADIUS cannot do).
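    The "Packet Encryption" section above states that RADIUS hides only the User-Password while TACACS+ obfuscates the whole packet body. The following Python is an added example, not from the original post, from Cisco's document or from any product: it implements the RADIUS User-Password transform of RFC 2865 section 5.2 and the TACACS+ MD5 pseudo-pad obfuscation of RFC 8907, then reports which fields a passive observer could read from constructed sample packets. Usernames, passwords, shared secrets, the session id and the simplified TACACS+ body layout are all constructed for illustration; the RADIUS attribute encoding uses the real type codes 1 (User-Name) and 2 (User-Password).

```python
import hashlib
import struct

# --- RADIUS (RFC 2865 section 5.2): only the User-Password attribute is hidden ----

def radius_hide_password(password: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """Hide a User-Password as a RADIUS client does: pad to 16-byte blocks, then XOR
    each block with MD5(secret + previous block), seeded by the Request Authenticator."""
    if len(request_authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 0 < len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden = bytearray()
    prev = request_authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        hidden += block
        prev = block
    return bytes(hidden)


def radius_reveal_password(hidden: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """Inverse transform performed by the RADIUS server (requires the shared secret)."""
    clear = bytearray()
    prev = request_authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        clear += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return bytes(clear).rstrip(b"\x00")


def radius_attributes_on_wire(username: bytes, password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Constructed Access-Request attribute list (type, length, value per attribute):
    User-Name (type 1) travels in the clear; only User-Password (type 2) is transformed."""
    hidden = radius_hide_password(password, secret, authenticator)
    return (bytes([1, 2 + len(username)]) + username
            + bytes([2, 2 + len(hidden)]) + hidden)


# --- TACACS+ (RFC 8907): the whole body is XORed with an MD5 pseudo-pad -----------

def tacacs_plus_pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """MD5_1 = MD5(session_id, key, version, seq_no);
    MD5_n = MD5(session_id, key, version, seq_no, MD5_{n-1}); concatenated and truncated."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def tacacs_plus_obfuscate(body: bytes, session_id: int, key: bytes, version: int = 0xC0, seq_no: int = 1) -> bytes:
    """Symmetric: applying the transform twice returns the original body."""
    pad = tacacs_plus_pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def tacacs_plus_body_on_wire(username: bytes, password: bytes, session_id: int, key: bytes) -> bytes:
    """Constructed, simplified authentication body (a real START packet carries more
    fields); the point is that every byte, username included, is obfuscated."""
    body = username + b"\x00" + password
    return tacacs_plus_obfuscate(body, session_id, key)


def exposure_report() -> dict:
    """Compare what a passive observer sees for the same credentials on each protocol.
    All values below are constructed sample data."""
    username, password = b"alice", b"S3cret-pw"
    radius_wire = radius_attributes_on_wire(username, password, b"radius-shared-secret", bytes(range(16)))
    tacacs_wire = tacacs_plus_body_on_wire(username, password, 0x1A2B3C4D, b"tacacs-key")
    return {
        "radius_username_in_clear": username in radius_wire,
        "radius_password_in_clear": password in radius_wire,
        "tacacs_username_in_clear": username in tacacs_wire,
        "tacacs_password_in_clear": password in tacacs_wire,
    }


if __name__ == "__main__":
    for field, visible in exposure_report().items():
        print(f"{field}: {visible}")
```

    Running it prints the exposure report: the RADIUS User-Name is readable on the wire and the password is not, while neither is readable in the TACACS+ body. Both transforms are reversible by anyone holding the shared secret or key, so the protection of either protocol is only as strong as the secrecy and strength of that value; RADIUS additionally leaves accounting and authorization attributes readable, which is what the comparison above means by "captured by a third party".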

  • Can I use both SID and SERVICE_NAME in my DG configuration?

    Hello,
    I need a little guidance for the following scenario.
    I've got a shared database to which more than one application connects. To configure failover from primary to standby, I need SERVICE_NAME naming, but my applications connect to this DB using SID naming conventions.
    Can I use both SID and SERVICE_NAME in the DG configuration and make the applications fail over to the STANDBY DB as well?
    Regards,
    Kam

    You will hardly achieve a proper connect to your new Primary using SIDs after switchover.
    Stay away from SID connects with your applications and use application services for that instead.
    Kind regards
    Uwe Hesse
    http://uhesse.wordpress.com

  • Tacacs+ for exec and radius for ppp on the same ras

    Hi, I'm going to implement tacacs+ for exec control and RADIUS for ppp control in a ras router, using the same ACS for tacacs+ and radius sessions.
    Is there any problem with this kind of configuration ?
    thank you in advance
    Renato

    Renato
    I have recently done something very similar at a customer site. On a remote access server we configured it to use TACACS for exec control and to use Radius for ppp. In our case we are using different servers but I do not think that would be an issue. We also are generating aaa accounting records for the ppp sessions and sending the accounting records to the TACACS server. I have not had any particular problems with getting this to work.
    HTH
    Rick

  • How to configure automatic startup of both ASM and Database

    I created an ASM instance and a database that uses this ASM for file storage management. I also edited the /etc/oratab file as follows:
    +ASM:/u01/app/oracle/product/10.2.0/asm:Y
    orcl:/u01/app/oracle/product/10.2.0/db_1:Y
    However, when I reboot the system, neither the ASM nor the database instance is started automatically.
    How can I configure automatic startup of both ASM and Database at system reboot?
    Thanks in advance!

    try the following
    Create file called startdb.sh in $ORACLE_HOME/bin and put following line into startdb.sh and
    change the permission of the file with following command.
    $vi $ORACLE_HOME/bin/startdb.sh
    su - oracle -c 'sh /oracle/product/10.2.0/db_1/bin/dbstart'
    Please replace /oracle/product/10.2.0/db_1/ with your ORACLE_HOME
    $chmod 777 $ORACLE_HOME/bin/startdb.sh
    Open /etc/inittab file and append following two lines in /etc/inittab.
    h2:35:once:/etc/init.d/init.cssd start >/dev/null 2>&1 </dev/null
    h3:35:wait:/oracle/product/10.2.0/db_1/bin/startdb.sh >/tmp/stdb.out 2>&1
    If you already have h2 and h3 in the inittab file, feel free to change them to h4, h5 or whatever is unique; the name has to be unique.
    Please replace /oracle/product/10.2.0/db_1/ with your ORACLE_HOME.
    Reboot the machine and check whether both instances get started. Please check $ORACLE_HOME/startup.log for more information.
    rgds
    alan

  • Can I use both Wifi and a Lan connection at the same time?

    With me back in the dorms I have been limited to a slower connection than what I would like. Now we are able to use both Wifi and a Lan line so I was wondering to somewhat "double" my speed if there was any way to use both connections at the same time.
    Now I know that you can have both plugged in at the same time, I guess what I'm asking is, is there a way that I could set programs to use one or the other? Or some kind of virtual desktop that is set to use the other connection or anything that would allow both be used at the same time.
    Or am I just wishing for something that doesn't have any possible way to work?
    -nathan
    MacBook pro 2.16 C2D 2gb ram   Mac OS X (10.4.8)  

    You can use both at the same time, but not for Internet access, if that's what you're asking.
    Now there is a thing called Link Aggregation, which combines a number of interfaces for speed/redundancy, but it really only works locally, and then only with ALL special equipment in the route, and most likely OSX Server involved.
    Sorry.

  • Can we use both INSERT and UPDATE at the same time in JDBC Receiver

    Hi All,
    I would like to know whether it is possible to use both INSERT and UPDATE at the same time in one interface, because I have a requirement in which I have to perform both tasks.
    The user sends a file which contains both new and old records, and I need to save those in an MS SQL database.
    If the record exists then use UPDATE, otherwise use INSERT.
    I looked on SDN but didn't find any blog which performs both things at the same time.
    Interface Requirement: FILE -> PI -> JDBC (INSERT & UPDATE)
    I am thinking of using a JDBC Lookup but am not sure if it is good to use for bulk records.
    Can somebody please suggest something or send me the link to a blog or anything to solve this problem.
    Thanks,

    Hi,
    If I have understood the scenario properly, you are not performing insert and update together. As you posted:
    "If the record exist then use UPDATE otherwise use INSERT."
    Thus you are performing either an insert or an update, which depends on the outcome of a search for whether the records already exist in the database or not. Obviously, to search the tables you need a "select * from ... where ..." query. If your query returns some results you proceed with update, since this means there are some old records already in the database. If your query returns no rows you proceed with "insert into tablename ..." since there are no old records present in the database.
    Now perhaps the best method to do the searching, take the decision to insert or update, and finally perform the insert or update operation is a stored procedure in the MS SQL database. A stored procedure is a subroutine available to applications accessing a relational database system. Here the application is the PI server. If you need further help on how to write and call stored procedures in MS SQL you can look into these links:
    http://www.daniweb.com/web-development/databases/ms-sql/threads/146829
    http://www.sqlteam.com/article/stored-procedures-parameters-inserts-and-updates
    [This part you can ignore, since it is not certain that you will face this situation.
    Still you might face some problems while your scenario runs. Let's consider this scenario: after the stored procedure searches the database it finds no rows, so you proceed with an insert operation. If your database table is being accessed by multiple applications (or users) other than yours, then it is very well possible that after the search operation completed with a null result, an insert/update operation was performed by some other application with the same primary key. Now when you try to insert another row with the same primary key you get an error message like "duplicate entry not possible for same primary key value". Thus you need to be careful in this respect. MS SQL has a feature called "exclusive locks". Look into these links for more details on the subject:
    http://msdn.microsoft.com/en-us/library/aa213039(v=sql.80).aspx
    http://www.mssqlcity.com/Articles/Adm/SQL70Locks.htm
    http://www.faqs.org/docs/ppbook/r27479.htm
    http://msdn.microsoft.com/en-US/library/ms187373.aspx
    http://msdn.microsoft.com/en-US/library/ms173763.aspx
    http://msdn.microsoft.com/en-us/library/e7z8d5hf(v=vs.80).aspx
    http://mssqlserver.wordpress.com/2006/11/08/locks-in-sql/
    http://www.mollerus.net/tom/blog/2008/03/using_mssqls_nolock_for_faster_queries.html
        There must be other methods to avoid this problem. But the point is you need to be sure that all access to database for insert/update operations are isolated.
    regards
    Anupam
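    The duplicate-key race described in the answer above (the search finds nothing, another application inserts the same key, and the following INSERT then fails) can be reproduced and then removed with a single-statement upsert. The following Python is an added example, not from the original post, from SAP PI or from MS SQL Server: it uses an in-memory SQLite table as a stand-in for the MS SQL target and a hook that simulates the other application writing inside the race window. The table name, columns, record contents and the hook are all constructed; the ON CONFLICT syntax needs SQLite 3.24 or newer, and the MS SQL equivalent mentioned in the comments is an assumption about how one would port it.

```python
import sqlite3
from typing import Callable, Optional

# Constructed sample table standing in for the MS SQL target of the JDBC receiver.
SCHEMA = "CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT NOT NULL)"


def new_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def naive_upsert(conn: sqlite3.Connection, rec: dict,
                 between_check_and_write: Optional[Callable[[sqlite3.Connection], None]] = None) -> str:
    """Check-then-write as the answer sketches it: SELECT, then INSERT or UPDATE.
    The optional hook is a test seam standing in for a second application that
    touches the table between the SELECT and the write (the race window)."""
    found = conn.execute("SELECT 1 FROM customer WHERE id = ?", (rec["id"],)).fetchone()
    if between_check_and_write is not None:
        between_check_and_write(conn)
    if found:
        conn.execute("UPDATE customer SET name = ? WHERE id = ?", (rec["name"], rec["id"]))
        conn.commit()
        return "update"
    conn.execute("INSERT INTO customer (id, name) VALUES (?, ?)", (rec["id"], rec["name"]))
    conn.commit()
    return "insert"


def atomic_upsert(conn: sqlite3.Connection, rec: dict) -> None:
    """One statement: the engine decides insert-vs-update under its own lock, so
    there is no window for a duplicate-key race. (Assumed MS SQL equivalent: MERGE,
    or UPDATE ... IF @@ROWCOUNT = 0 INSERT inside a transaction with UPDLOCK/HOLDLOCK.)"""
    conn.execute(
        "INSERT INTO customer (id, name) VALUES (:id, :name) "
        "ON CONFLICT(id) DO UPDATE SET name = excluded.name",
        rec,
    )
    conn.commit()


def name_of(conn: sqlite3.Connection, id_: int):
    row = conn.execute("SELECT name FROM customer WHERE id = ?", (id_,)).fetchone()
    return row[0] if row else None


def interloper(conn: sqlite3.Connection) -> None:
    """Simulated other application inserting the same key inside the race window."""
    conn.execute("INSERT INTO customer (id, name) VALUES (42, 'inserted by other app')")
    conn.commit()


def demo_race() -> dict:
    """Run the naive path with the interloper firing in the window, then the atomic
    path against a table where the key already exists. Returns what happened."""
    rec = {"id": 42, "name": "from PI file"}
    result = {}

    conn = new_db()
    try:
        naive_upsert(conn, rec, between_check_and_write=interloper)
        result["naive"] = "ok"
    except sqlite3.IntegrityError as exc:
        result["naive"] = f"IntegrityError: {exc}"
    result["naive_final_name"] = name_of(conn, 42)

    conn = new_db()
    interloper(conn)           # key already present when our write arrives
    atomic_upsert(conn, rec)   # takes the UPDATE branch instead of failing
    result["atomic_final_name"] = name_of(conn, 42)
    atomic_upsert(conn, {"id": 42, "name": "updated"})
    result["atomic_after_update"] = name_of(conn, 42)
    return result


if __name__ == "__main__":
    for key, value in demo_race().items():
        print(f"{key}: {value}")
```

    The naive path fails with a UNIQUE-constraint error exactly as the answer predicts, and the row it leaves behind belongs to the other application; the atomic path succeeds and ends with the record from the file. Whichever form the stored procedure takes, the property to verify is that the existence check and the write cannot be separated by another writer.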

  • Since my last firefox update, I have been unable to type an email - the text box does not appear when I press 'reply' , or press 'compose'. The email provider is '123-reg.co.uk. I have been using both firefox and the provider ['webfusion Ltd/webmail123] s

    Hello. Since my last firefox update, I have been unable to type an email - the box within which one would usually type does not appear when I press 'reply' to a received email, or press 'compose'. The email provider is '123-reg.co.uk. I have been using both firefox and the provider ['webfusion Ltd/webmail123] successfully for well over a year. The provider says it is a browser problem. I can still add an attachment to the email header, which successfully can be sent, but the recipient gets my standard email 'signature' with font messages and the attachment. Can anyone help? My email addresses are [email protected] [this is the one with the issue] and [email protected] in English

    My daughter has had her Razr for about 9 months now.  About two weeks ago she picked up her phone in the morning on her way to school when she noticed two cracks, both starting at the camera lens. One goes completely to the bottom and the other goes sharply to the side. She has never dropped it and me and my husband went over it with a fine tooth comb. We looked under a magnifying glass and could not find any reason for the glass to crack. Not one ding, scratch or bang. Our daughter really takes good care of her stuff, but we still wanted to make sure before we sent it in for repairs. Well we did and we got a reply from Motorola with a picture of the cracks saying this was customer abuse and that it is not covered under warranty. Even though they did not find any physical damage to back it up. Well I e-mailed them back and told them I did a little research and found pages of people having the same problems. Well I did not hear from them until I received a notice from Fed Ex that they were sending the phone back. NOT FIXED!!! I went to look up why and guess what, there is no case open any more for the phone. It has been wiped clean. I put in the RMA # and it comes back not found; I put in the ID #, the SN# and all comes back not found. Yet a day earlier all the info was there. I know there are a lot more people like me and all of you, but they just don't want to be bothered so they pay to have it fixed, just to have it do it again. Unless they have found the problem and are only fixing it on a customer-pay-only set up. I am furious and will not be recommending this phone to anyone. And to think I was considering this phone for my next upgrade! NOT!!!!

  • HP Laserjet Pro 400 Printer unable to print docs using both letter and legal paper

    HELP!!  Have been using an HP Laserjet Pro 400 M425dn dual tray printer for 2 years, along with a Dell laptop.  Always had ability to send documents to print using both letter and legal size paper.  Under print set-up on laptop, the option checked was always set to "Choose Paper Source by PDF Paper Size".  Now I've just purchased an HP Envy All-in-One Desktop, which does not offer that option under Print Set-Up.  While it allows for 'Auto Selection' of paper size, you are required to choose either letter or legal size paper.  I've called tech support 3 times, the latest call earlier this am, only to be disconnected.  Yesterday I was told that I should go on hp/support and update drivers.  My husband downloaded drivers, but still no fix.  Unless this issue is resolved asap, I will have no option but to return this Envy Desktop, as I cannot run my business without this option.
    Anyone have a similar problem?  How was it resolved?

    The available options will (probably) be determined by the printer driver in use.
    This , in turn, will be determined partly by which Operating System and version you are using.
    Once a printer model has been out in the field for some time (generally when the next generation (or two?) of devices has been announced to supersede it) that model becomes a 'legacy' device, and 'full-specification' printer drivers may no longer be supplied by the printer manufacturer, but basic (i.e. without too many options) drivers will (probably) instead be supplied with the operating system.

  • I'm new to Mac and the program/app called Numbers. I'm trying to use both Average and small in the same formula. What I'm trying to do is take 20 cells, find the 10 lowest numbers, then get the average and after that multiply it by .96

    I'm new to Mac and the program/app called Numbers. I'm trying to use both Average and small in the same formula. What I'm trying to do is take 20 cells in a column, find the 10 lowest numbers, then get the average and after that multiply it by .96. I used to use Excel and the formula worked fine in that. Here is my formula:
    =(average(small(H201:H220,{1,2,3,4,5,6,7,8,9,10})))*.96
    This formula worked in Excel and when I converted my spreadsheet over to Numbers, this formula no longer works.
    The best that I have been able to do so far is use small in 10 different cells, then get the average of the 10 cells and finally multiply that average by .96  So instead of using 1 cell, I'm using 12 cells to get my answer.
    This is a formula that I will be using all the time. The next cell would be =(average(small(H202:H221,{1,2,3,4,5,6,7,8,9,10})))*.96
    Hoping I explain myself well enough and that someone can help me.
    Thanks

    You can still do it in one cell but it will be more unruly than the Excel array formula.
    =average(small(H201:H220,1),small(H201:H220,2),small(H201:H220,3),...,small(H201:H220,10))*0.96
    where you would, of course, replace the "..." with the remaining six SMALL functions.
