Article & Slides:
Download
1 / 23

paul sherman na li - PowerPoint PPT Presentation


  • 268 Views
  • Uploaded on

Article & Slides:. www.idiom.com / ~ sherman / paul / pubs / netcmd. Just Enough SAS to Identify Yourself in a Networked World. Paul Sherman Na Li. Overview. What’s wrong with networking Topology Authentication Process Pitfalls The net.exe command Example A %netauth utility macro.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'paul sherman na li' - Olivia


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Slide1 l.jpg

Article & Slides:

www.idiom.com / ~sherman / paul / pubs / netcmd

Just Enough

SAS

to Identify Yourself in a

Networked World

Paul Sherman

Na Li


Overview l.jpg
Overview

  • What’s wrong with networking

  • Topology

  • Authentication Process

  • Pitfalls

  • The net.exe command

  • Example

  • A %netauth utility macro


What s wrong with networking l.jpg
What’s Wrong With Networking

  • Permission denied.

  • Access is denied.

  • Lost connection ( Re-boot and forget to re-map? )

  • But it runs on my local PC!


The network is your friend l.jpg
The Network is Your Friend

  • Time, Share & Use – in a single command

  • %sysexec() “x” gets you to DOS prompt

  • Everything has a UNC path:

  • Tell %netauth() whenever you need to CONNECT or DISCONNECT a remote host

\\

Host

name

\

Share

name

\

file system

path


Domains l.jpg
Domains

Network Topology

  • Typical of many large corporate intranets

  • Managed centrally

  • Easier to administrate

  • Synonymous access to all hosts

BIOMETRIC

MARY

EFFICACY

CODCORDC01

JEFF

SAFETY

CRFPROT

JLO

PDC

codcor.psug.org


Workgroups l.jpg
Workgroups

Network Topology

  • Small labs and home offices

  • Managed individually

  • Cumbersome to administrate

  • Easier to develop applications within

  • Less prone to system-wide failures

BIOMETRIC

CRFPROT

MARY

JEFF

EFFICACY

SAFETY

JLO


The authentication process l.jpg
The Authentication Process

  • Client contacts Domain Controller (DC)

  • DC forwards request to host

  • Host responds to DC with accept or deny

  • DC grants access to Client

  • Client & Host can now communicate


The authentication process8 l.jpg
The Authentication Process

Workgroup

 proceed

CLIENT

HOST

 grant

 auth

CLIENT

HOST

 proceed

Domain

 respond

 grant

DOMAIN

CONTROLLER

PDC

 auth

 request


A word about scope l.jpg

Pitfall #1

A Word About Scope

Get Close


A word about scope10 l.jpg

Pitfall #1

A Word About Scope

map G:

copy g:\raw.sd2 c:\

C:\user\john\sas

copy c:\ae.prn g:\

John

SAFETY

runsas

CRFPROT

ae.prn

raw.sd2

raw.sd2

G:

Mary

runsas

marydat.sd2

marydat.sd2

ae.prn

map G:

copy g:\marydat.sd2 c:\

C:\user\mary\sas\dev

John’s code (a) Fails

(b) Writes output where it doesn’t belong

(c) All of the above


More words of scope l.jpg

Pitfall #1

More Words of Scope

  • Network resources are global to all users

  • Avoid absolute drive letter mappings

  • Use “UNC” path references, always

John:

net use \\safety\c$\user\john\sas

/user:john j

Mary:

net use \\safety\c$\user\mary\sas\dev

/user:mary m


Credential conflict l.jpg

Pitfall #2

Credential Conflict

net use \\crfprot\ib /user:jeff j

Jeff

Read-only

runsas

CRFPROT

auth. Jeff

BIOMETRIC

auth. Melissa

runsas

Melissa

Read & Write

net use \\crfprot\ib /user:melissa m

This set of credentials conflicts with an existing set of credentials


Avoiding credential conflict l.jpg

Pitfall #2

Avoiding Credential Conflict

  • Schedule remote jobs synchronously, or

  • Use dotted-decimal addressing

net use \\crfprot\ib /user:jeff j

net use \\1.2.3.4\ib /user:melissa m

ping the host to find its dotted-decimal address


The case of the wrong case l.jpg

Pitfall #3

The Case of the Wrong Case

Jeff

 Be careful with case in Auth & Usage !

runsas

123-45-6789.doc

BIOMETRIC

Permission Denied

net use \\biometric\patprof\peopledata /user:jeff j

copy c:\123-45-6789.doc \\biometric\PatProf\PeopleData


Networking best practice l.jpg
Networking “Best Practice”

  • Separate “Auth” and “Usage” tasks

  • Assert credentials with IPC$ virtual share

  • Work with remote host as normal

  • De-auth the IPC$ share when finished

net use \\safety\ipc$ /user:melissa m

copy \\safety\ae\x.prn \\safety\lab\x.prn

del \\safety\logs\myprog.txt

net use \\safety\ipc$ /d


The net exe command l.jpg
The net.exe Command

  • Part of Windows since Win95

C:\> net time

C:\> net view

C:\> net use

Check & Sync time

Query shares & volumes

Mount & Unmount drives


Synchronizing time l.jpg

Example

Synchronizing Time

John

EFFICACY

2:43 PM

3:06 PM

3:06 PM

x ”net time \\efficacy.psug.org /set /y”;


Learning to share l.jpg

Example

Learning to Share

Mary

EFFICACY

demog

survival

response

net view \\efficacy.psug.org


Using netauth l.jpg
Using %netauth()

  • Send message at start & end of remote work

  • Be careful with case of host, share and path

%netauth(CONNECT);

x “net time \\host /set /y”;

x “copy c:\sas\work\out\*.gif \\host\web\Charts”;

libname inlib “c:\sas\work\lib”;

libname outlib “\\host\web\SASLib”;

proc datasets; copy inlib outlib; run;

libname outlib clear;

libname inlib clear;

%netauth(DISCONNECT);


How netauth works l.jpg
How %netauth() Works

%macro netauth( mode );

%local domain_a ua padomain_b ub pb;

%let domain_a=ddd; %let ua=uuu; %let pa=ppp;

%let domain_b=ddd; %let ub=uuu; %let pb=ppp;

options xsync noxwait;

%if %trim(%upcase(&mode.)) eq CONNECT %then %do;

x “net use \\crfprot\ipc$ /user:&domain_a.\&ua. &pa.”;

x “net use \\safety\ie /user:&domain_b.\&ub. &pb.”;

%if %trim(%upcase(&mode.)) eq DISCONNECT %then %do;

x “net use \\crfprot\ipc$ /d”;

x “net use \\safety\ie /d”;

%end; %else %do;

put ERROR: bad &mode. Expected CONNECT or DISCONNECT);

%end;

%mend;

Very important


Conclusion l.jpg
Conclusion

  • Manage & control remote hosts with net.exe

  • Authenticate

    • What you need

    • When you neet it

    • Never longer than necessary

  • Never use drive letters!

  • UNC paths are Linux-compliant, too

  • Be careful with case


More info l.jpg
More Info …

  • Microsoft Knowledge Base

    219898 – “How the Bad Password Count is Incremented in Windows NT”

    314984 – “How to create and delete hidden or administrative shares on client computers”

  • Na Li

    “Applications for Running DOS Commands within SAS”

    PharmaSUG 2005, Posters, PO-13.


About the speakers l.jpg
About the Speakers

Paul D Sherman

Electrical Engineer

(408) 383 - 0471

sherman @ idiom.com

Speaker

Telephone

E-Mail

WebSite

Na Li

Sr. Project Analyst

(408) 990 - 7293

nli @ pcyc.com

www.idiom.com / ~sherman / paul / pubs / netcmd


ad