1 / 23

Paul Sherman Na Li

Article & Slides:. www.idiom.com / ~ sherman / paul / pubs / netcmd. Just Enough SAS to Identify Yourself in a Networked World. Paul Sherman Na Li. Overview. What’s wrong with networking Topology Authentication Process Pitfalls The net.exe command Example A %netauth utility macro.

Olivia
Download Presentation

Paul Sherman Na Li

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Article & Slides: www.idiom.com / ~sherman / paul / pubs / netcmd Just Enough SAS to Identify Yourself in a Networked World Paul Sherman Na Li

  2. Overview • What’s wrong with networking • Topology • Authentication Process • Pitfalls • The net.exe command • Example • A %netauth utility macro

  3. What’s Wrong With Networking • Permission denied. • Access is denied. • Lost connection ( Re-boot and forget to re-map? ) • But it runs on my local PC!

  4. The Network is Your Friend • Time, Share & Use – in a single command • %sysexec() “x” gets you to DOS prompt • Everything has a UNC path: • Tell %netauth() whenever you need to CONNECT or DISCONNECT a remote host \\ Host name \ Share name \ file system path

  5. Domains Network Topology • Typical of many large corporate intranets • Managed centrally • Easier to administrate • Synonymous access to all hosts BIOMETRIC MARY EFFICACY CODCORDC01 JEFF SAFETY CRFPROT JLO PDC codcor.psug.org

  6. Workgroups Network Topology • Small labs and home offices • Managed individually • Cumbersome to administrate • Easier to develop applications within • Less prone to system-wide failures BIOMETRIC CRFPROT MARY JEFF EFFICACY SAFETY JLO

  7. The Authentication Process • Client contacts Domain Controller (DC) • DC forwards request to host • Host responds to DC with accept or deny • DC grants access to Client • Client & Host can now communicate

  8. The Authentication Process Workgroup  proceed CLIENT HOST  grant  auth CLIENT HOST  proceed Domain  respond  grant DOMAIN CONTROLLER PDC  auth  request

  9. Pitfall #1 A Word About Scope Get Close

  10. Pitfall #1 A Word About Scope map G: copy g:\raw.sd2 c:\ C:\user\john\sas copy c:\ae.prn g:\ John SAFETY runsas CRFPROT ae.prn raw.sd2 raw.sd2 G: Mary runsas marydat.sd2 marydat.sd2 ae.prn map G: copy g:\marydat.sd2 c:\ C:\user\mary\sas\dev John’s code (a) Fails (b) Writes output where it doesn’t belong (c) All of the above

  11. Pitfall #1 More Words of Scope • Network resources are global to all users • Avoid absolute drive letter mappings • Use “UNC” path references, always John: net use \\safety\c$\user\john\sas /user:john j Mary: net use \\safety\c$\user\mary\sas\dev /user:mary m

  12. Pitfall #2 Credential Conflict net use \\crfprot\ib /user:jeff j Jeff Read-only runsas CRFPROT auth. Jeff BIOMETRIC auth. Melissa runsas Melissa Read & Write net use \\crfprot\ib /user:melissa m This set of credentials conflicts with an existing set of credentials

  13. Pitfall #2 Avoiding Credential Conflict • Schedule remote jobs synchronously, or • Use dotted-decimal addressing net use \\crfprot\ib /user:jeff j net use \\1.2.3.4\ib /user:melissa m ping the host to find its dotted-decimal address

  14. Pitfall #3 The Case of the Wrong Case Jeff  Be careful with case in Auth & Usage ! runsas  123-45-6789.doc BIOMETRIC Permission Denied net use \\biometric\patprof\peopledata /user:jeff j copy c:\123-45-6789.doc \\biometric\PatProf\PeopleData

  15. Networking “Best Practice” • Separate “Auth” and “Usage” tasks • Assert credentials with IPC$ virtual share • Work with remote host as normal • De-auth the IPC$ share when finished net use \\safety\ipc$ /user:melissa m copy \\safety\ae\x.prn \\safety\lab\x.prn del \\safety\logs\myprog.txt net use \\safety\ipc$ /d

  16. The net.exe Command • Part of Windows since Win95 C:\> net time C:\> net view C:\> net use Check & Sync time Query shares & volumes Mount & Unmount drives

  17. Example Synchronizing Time John EFFICACY 2:43 PM 3:06 PM 3:06 PM x ”net time \\efficacy.psug.org /set /y”;

  18. Example Learning to Share Mary EFFICACY demog survival response net view \\efficacy.psug.org

  19. Using %netauth() • Send message at start & end of remote work • Be careful with case of host, share and path %netauth(CONNECT); x “net time \\host /set /y”; x “copy c:\sas\work\out\*.gif \\host\web\Charts”; libname inlib “c:\sas\work\lib”; libname outlib “\\host\web\SASLib”; proc datasets; copy inlib outlib; run; libname outlib clear; libname inlib clear; %netauth(DISCONNECT);

  20. How %netauth() Works %macro netauth( mode ); %local domain_a ua padomain_b ub pb; %let domain_a=ddd; %let ua=uuu; %let pa=ppp; %let domain_b=ddd; %let ub=uuu; %let pb=ppp; options xsync noxwait; %if %trim(%upcase(&mode.)) eq CONNECT %then %do; x “net use \\crfprot\ipc$ /user:&domain_a.\&ua. &pa.”; x “net use \\safety\ie /user:&domain_b.\&ub. &pb.”; %if %trim(%upcase(&mode.)) eq DISCONNECT %then %do; x “net use \\crfprot\ipc$ /d”; x “net use \\safety\ie /d”; %end; %else %do; put ERROR: bad &mode. Expected CONNECT or DISCONNECT); %end; %mend; Very important

  21. Conclusion • Manage & control remote hosts with net.exe • Authenticate • What you need • When you neet it • Never longer than necessary • Never use drive letters! • UNC paths are Linux-compliant, too • Be careful with case

  22. More Info … • Microsoft Knowledge Base 219898 – “How the Bad Password Count is Incremented in Windows NT” 314984 – “How to create and delete hidden or administrative shares on client computers” • Na Li “Applications for Running DOS Commands within SAS” PharmaSUG 2005, Posters, PO-13.

  23. About the Speakers Paul D Sherman Electrical Engineer (408) 383 - 0471 sherman @ idiom.com Speaker Telephone E-Mail WebSite Na Li Sr. Project Analyst (408) 990 - 7293 nli @ pcyc.com www.idiom.com / ~sherman / paul / pubs / netcmd

More Related