230 likes | 572 Vues
Article & Slides:. www.idiom.com / ~ sherman / paul / pubs / netcmd. Just Enough SAS to Identify Yourself in a Networked World. Paul Sherman Na Li. Overview. What’s wrong with networking Topology Authentication Process Pitfalls The net.exe command Example A %netauth utility macro.
 
                
                E N D
Article & Slides: www.idiom.com / ~sherman / paul / pubs / netcmd Just Enough SAS to Identify Yourself in a Networked World Paul Sherman Na Li
Overview • What’s wrong with networking • Topology • Authentication Process • Pitfalls • The net.exe command • Example • A %netauth utility macro
What’s Wrong With Networking • Permission denied. • Access is denied. • Lost connection ( Re-boot and forget to re-map? ) • But it runs on my local PC!
The Network is Your Friend • Time, Share & Use – in a single command • %sysexec() “x” gets you to DOS prompt • Everything has a UNC path: • Tell %netauth() whenever you need to CONNECT or DISCONNECT a remote host \\ Host name \ Share name \ file system path
Domains Network Topology • Typical of many large corporate intranets • Managed centrally • Easier to administrate • Synonymous access to all hosts BIOMETRIC MARY EFFICACY CODCORDC01 JEFF SAFETY CRFPROT JLO PDC codcor.psug.org
Workgroups Network Topology • Small labs and home offices • Managed individually • Cumbersome to administrate • Easier to develop applications within • Less prone to system-wide failures BIOMETRIC CRFPROT MARY JEFF EFFICACY SAFETY JLO
The Authentication Process • Client contacts Domain Controller (DC) • DC forwards request to host • Host responds to DC with accept or deny • DC grants access to Client • Client & Host can now communicate
The Authentication Process Workgroup  proceed CLIENT HOST  grant  auth CLIENT HOST  proceed Domain  respond  grant DOMAIN CONTROLLER PDC  auth  request
Pitfall #1 A Word About Scope Get Close
Pitfall #1 A Word About Scope map G: copy g:\raw.sd2 c:\ C:\user\john\sas copy c:\ae.prn g:\ John SAFETY runsas CRFPROT ae.prn raw.sd2 raw.sd2 G: Mary runsas marydat.sd2 marydat.sd2 ae.prn map G: copy g:\marydat.sd2 c:\ C:\user\mary\sas\dev John’s code (a) Fails (b) Writes output where it doesn’t belong (c) All of the above
Pitfall #1 More Words of Scope • Network resources are global to all users • Avoid absolute drive letter mappings • Use “UNC” path references, always John: net use \\safety\c$\user\john\sas /user:john j Mary: net use \\safety\c$\user\mary\sas\dev /user:mary m
Pitfall #2 Credential Conflict net use \\crfprot\ib /user:jeff j Jeff Read-only runsas CRFPROT auth. Jeff BIOMETRIC auth. Melissa runsas Melissa Read & Write net use \\crfprot\ib /user:melissa m This set of credentials conflicts with an existing set of credentials
Pitfall #2 Avoiding Credential Conflict • Schedule remote jobs synchronously, or • Use dotted-decimal addressing net use \\crfprot\ib /user:jeff j net use \\1.2.3.4\ib /user:melissa m ping the host to find its dotted-decimal address
Pitfall #3 The Case of the Wrong Case Jeff  Be careful with case in Auth & Usage ! runsas  123-45-6789.doc BIOMETRIC Permission Denied net use \\biometric\patprof\peopledata /user:jeff j copy c:\123-45-6789.doc \\biometric\PatProf\PeopleData
Networking “Best Practice” • Separate “Auth” and “Usage” tasks • Assert credentials with IPC$ virtual share • Work with remote host as normal • De-auth the IPC$ share when finished net use \\safety\ipc$ /user:melissa m copy \\safety\ae\x.prn \\safety\lab\x.prn del \\safety\logs\myprog.txt net use \\safety\ipc$ /d
The net.exe Command • Part of Windows since Win95 C:\> net time C:\> net view C:\> net use Check & Sync time Query shares & volumes Mount & Unmount drives
Example Synchronizing Time John EFFICACY 2:43 PM 3:06 PM 3:06 PM x ”net time \\efficacy.psug.org /set /y”;
Example Learning to Share Mary EFFICACY demog survival response net view \\efficacy.psug.org
Using %netauth() • Send message at start & end of remote work • Be careful with case of host, share and path %netauth(CONNECT); x “net time \\host /set /y”; x “copy c:\sas\work\out\*.gif \\host\web\Charts”; libname inlib “c:\sas\work\lib”; libname outlib “\\host\web\SASLib”; proc datasets; copy inlib outlib; run; libname outlib clear; libname inlib clear; %netauth(DISCONNECT);
How %netauth() Works %macro netauth( mode ); %local domain_a ua padomain_b ub pb; %let domain_a=ddd; %let ua=uuu; %let pa=ppp; %let domain_b=ddd; %let ub=uuu; %let pb=ppp; options xsync noxwait; %if %trim(%upcase(&mode.)) eq CONNECT %then %do; x “net use \\crfprot\ipc$ /user:&domain_a.\&ua. &pa.”; x “net use \\safety\ie /user:&domain_b.\&ub. &pb.”; %if %trim(%upcase(&mode.)) eq DISCONNECT %then %do; x “net use \\crfprot\ipc$ /d”; x “net use \\safety\ie /d”; %end; %else %do; put ERROR: bad &mode. Expected CONNECT or DISCONNECT); %end; %mend; Very important
Conclusion • Manage & control remote hosts with net.exe • Authenticate • What you need • When you neet it • Never longer than necessary • Never use drive letters! • UNC paths are Linux-compliant, too • Be careful with case
More Info … • Microsoft Knowledge Base 219898 – “How the Bad Password Count is Incremented in Windows NT” 314984 – “How to create and delete hidden or administrative shares on client computers” • Na Li “Applications for Running DOS Commands within SAS” PharmaSUG 2005, Posters, PO-13.
About the Speakers Paul D Sherman Electrical Engineer (408) 383 - 0471 sherman @ idiom.com Speaker Telephone E-Mail WebSite Na Li Sr. Project Analyst (408) 990 - 7293 nli @ pcyc.com www.idiom.com / ~sherman / paul / pubs / netcmd