Paul Sherman Na Li Just Enough SAS to Identify Yourself in a Networked World / ~sherman / paul /...
-
Upload
edmund-webb -
Category
Documents
-
view
220 -
download
4
Transcript of Paul Sherman Na Li Just Enough SAS to Identify Yourself in a Networked World / ~sherman / paul /...
Paul Sherman
Na Li
Just EnoughSAS
to Identify Yourself in a
Networked World
www.idiom.com / ~sherman / paul / pubs / netcmdArticle & Slides:
Overview
• What’s wrong with networking
• Topology
• Authentication Process
• Pitfalls
• The net.exe command
• Example
• A %netauth utility macro
What’s Wrong With Networking
• Permission denied.
• Access is denied.
• Lost connection ( Re-boot and forget to re-map? )
• But it runs on my local PC!
The Network is Your Friend
• Time, Share & Use – in a single command
• %sysexec() “x” gets you to DOS prompt
• Everything has a UNC path:
• Tell %netauth() whenever you need to CONNECT or DISCONNECT a remote host
Hostname
Sharename
file systempath\\ \ \
• Typical of many large corporate intranets
• Managed centrally
• Easier to administrate
• Synonymous access to all hosts
Domains
CRFPROTSAFETY
BIOMETRIC
EFFICACY
JLO
JEFF
MARY
codcor.psug.org
CODCORDC01
PDC
Network Topology
• Small labs and home offices
• Managed individually
• Cumbersome to administrate
• Easier to develop applications within
• Less prone to system-wide failures
Workgroups
CRFPROT
SAFETY
BIOMETRIC
EFFICACYJLOJEFF
MARY
Network Topology
• Client contacts Domain Controller (DC)
• DC forwards request to host
• Host responds to DC with accept or deny
• DC grants access to Client
• Client & Host can now communicate
The Authentication Process
The Authentication Process
CLIENT HOST
DOMAINCONTROLLER
PDC
auth request
respond
proceed
grant
CLIENT HOST auth
grant
proceed
Wor
kgro
upD
omai
n
A Word About Scope
MarySAFETY
runsas
CRFPROTrunsas
John’s code (a) Fails(b) Writes output where it doesn’t belong(c) All of the above
copy g:\raw.sd2 c:\copy c:\ae.prn g:\
copy g:\marydat.sd2 c:\
C:\user\john\sas
G:
C:\user\mary\sas\dev
map G:
map G:
marydat.sd2marydat.sd2
raw.sd2ae.prn
ae.prn
raw.sd2
John
Pitfall #1
More Words of Scope
• Network resources are global to all users
• Avoid absolute drive letter mappings• Use “UNC” path references, always
net use \\safety\c$\user\john\sas/user:john j
net use \\safety\c$\user\mary\sas\dev/user:mary m
John:
Mary:
Pitfall #1
auth. Jeff
auth. Melissa
runsas
runsas
Credential Conflict
Jeff
Read & Write
net use \\crfprot\ib /user:jeff j
net use \\crfprot\ib /user:melissa m
This set of credentials conflicts with an existing set of credentials
CRFPROT
Read-only
BIOMETRIC
Melissa
Pitfall #2
Avoiding Credential Conflict
• Schedule remote jobs synchronously, or• Use dotted-decimal addressing
net use \\crfprot\ib /user:jeff j
net use \\1.2.3.4\ib /user:melissa m
ping the host to find its dotted-decimal address
Pitfall #2
runsas
The Case of the Wrong Case
Jeff
net use \\biometric\patprof\peopledata /user:jeff j
BIOMETRIC123-45-6789.doc
Be careful with case in Auth & Usage !
Permission Denied
copy c:\123-45-6789.doc \\biometric\PatProf\PeopleData
Pitfall #3
Networking “Best Practice”
• Separate “Auth” and “Usage” tasks• Assert credentials with IPC$ virtual share• Work with remote host as normal• De-auth the IPC$ share when finished
net use \\safety\ipc$ /user:melissa mcopy \\safety\ae\x.prn \\safety\lab\x.prndel \\safety\logs\myprog.txt
net use \\safety\ipc$ /d
The net.exe Command
• Part of Windows since Win95
C:\> net timeC:\> net viewC:\> net use
Check & Sync time
Query shares & volumes
Mount & Unmount drives
Synchronizing Time
John EFFICACY
2:43 PM 3:06 PM
x ”net time \\efficacy.psug.org /set /y”;
3:06 PM
Example
• Send message at start & end of remote work• Be careful with case of host, share and path
Using %netauth()
%netauth(CONNECT);
x “net time \\host /set /y”;x “copy c:\sas\work\out\*.gif \\host\web\Charts”;libname inlib “c:\sas\work\lib”;libname outlib “\\host\web\SASLib”;proc datasets; copy inlib outlib; run;libname outlib clear;libname inlib clear;
%netauth(DISCONNECT);
How %netauth() Works%macro netauth( mode ); %local domain_a ua pa domain_b ub pb; %let domain_a=ddd; %let ua=uuu; %let pa=ppp; %let domain_b=ddd; %let ub=uuu; %let pb=ppp;
options xsync noxwait;
%if %trim(%upcase(&mode.)) eq CONNECT %then %do; x “net use \\crfprot\ipc$ /user:&domain_a.\&ua. &pa.”; x “net use \\safety\ie /user:&domain_b.\&ub. &pb.”;
%if %trim(%upcase(&mode.)) eq DISCONNECT %then %do; x “net use \\crfprot\ipc$ /d”; x “net use \\safety\ie /d”;
%end; %else %do; put ERROR: bad &mode. Expected CONNECT or DISCONNECT); %end;%mend;
Very important
Conclusion
• Manage & control remote hosts with net.exe
• Authenticate• What you need• When you neet it• Never longer than necessary
• Never use drive letters!
• UNC paths are Linux-compliant, too
• Be careful with case
More Info …
• Microsoft Knowledge Base
219898 – “How the Bad Password Count is Incremented in Windows NT”
314984 – “How to create and delete hidden or administrative shares on client computers”
• Na Li“Applications for Running DOS Commands within SAS”
PharmaSUG 2005, Posters, PO-13.