Transcript Just Enough SAS to Identify Yourself in a Networked World

Article & Slides:
www.idiom.com / ~sherman / paul / pubs / netcmd
Just Enough
SAS
to Identify Yourself in
a
Networked
World
Paul Sherman
Na Li
Overview
• What’s wrong with networking
• Topology
• Authentication Process
• Pitfalls
• The net.exe command
• Example
• A %netauth utility macro
What’s Wrong With Networking
• Permission denied.
• Access is denied.
• Lost connection ( Re-boot and forget to re-map? )
• But it runs on my local PC!
The Network is Your Friend
• Time, Share & Use – in a single command
• %sysexec() “x” gets you to DOS prompt
• Everything has a UNC path:
\\
Host
name
\
Share
name
\
file system
path
• Tell %netauth() whenever you need to
CONNECT or DISCONNECT a remote host
Network Topology
Domains
•
•
•
•
Typical of many large corporate intranets
Managed centrally
Easier to administrate
Synonymous access to all hosts
BIOMETRIC
MARY
JEFF
JLO
CODCORDC01
PDC
codcor.psug.org
EFFICACY
CRFPROT
SAFETY
Network Topology
Workgroups
•
•
•
•
•
Small labs and home offices
Managed individually
Cumbersome to administrate
Easier to develop applications within
Less prone to system-wide failures
MARY
CRFPROT
JEFF
JLO
BIOMETRIC
EFFICACY
SAFETY
The Authentication Process
• Client contacts Domain Controller (DC)
• DC forwards request to host
• Host responds to DC with accept or deny
• DC grants access to Client
• Client & Host can now communicate
Workgroup
The Authentication Process
CLIENT
Domain
CLIENT
 proceed
 grant
 auth
 proceed
 grant
 auth
HOST
HOST
 respond
DOMAIN
CONTROLLER
PDC
 request
Pitfall #1
A Word About Scope
Get Close
Pitfall #1
John
A Word About Scope
map G:
copy g:\raw.sd2 c:\
copy c:\ae.prn g:\
C:\user\john\sas
ae.prn
CRFPROT
Mary
raw.sd2
G:
marydat.sd2
map G:
copy g:\marydat.sd2 c:\
SAFETY
marydat.sd2
ae.prn
C:\user\mary\sas\dev
John’s code (a) Fails
(b) Writes output where it doesn’t belong
(c) All of the above
Pitfall #1
More Words of Scope
• Network resources are global to all users
• Avoid absolute drive letter mappings
• Use “UNC” path references, always
John:
net use \\safety\c$\user\john\sas
/user:john j
Mary:
net use \\safety\c$\user\mary\sas\dev
/user:mary m
Pitfall #2
Credential Conflict
net use \\crfprot\ib /user:jeff j
Read-only
Jeff
auth. Jeff
BIOMETRIC
Melissa
auth. Melissa
CRFPROT
Read & Write
net use \\crfprot\ib /user:melissa m
This set of credentials conflicts
with an existing set of credentials
Pitfall #2
Avoiding Credential Conflict
• Schedule remote jobs synchronously, or
• Use dotted-decimal addressing
net use \\crfprot\ib /user:jeff j
net use \\1.2.3.4\ib /user:melissa m
ping the host to find its dotted-decimal address
Pitfall #3
The Case of the Wrong Case
Jeff
123-45-6789.doc
Permission Denied

BIOMETRIC
net use \\biometric\patprof\peopledata /user:jeff j
copy c:\123-45-6789.doc \\biometric\PatProf\PeopleData
 Be careful with case in Auth & Usage !
Networking “Best Practice”
•
•
•
•
Separate “Auth” and “Usage” tasks
Assert credentials with IPC$ virtual share
Work with remote host as normal
De-auth the IPC$ share when finished
net use \\safety\ipc$ /user:melissa m
copy \\safety\ae\x.prn \\safety\lab\x.prn
del \\safety\logs\myprog.txt
net use \\safety\ipc$ /d
The net.exe Command
• Part of Windows since Win95
Check & Sync time
C:\> net time
C:\> net view
C:\> net use
Query shares & volumes
Mount & Unmount drives
Example
Synchronizing Time
John
2:43 PM
3:06 PM
EFFICACY
3:06 PM
x ”net time \\efficacy.psug.org /set /y”;
Example
Learning to Share
Mary
EFFICACY
demog
survival
response
net view \\efficacy.psug.org
Using %netauth()
• Send message at start & end of remote work
• Be careful with case of host, share and path
%netauth(CONNECT);
x “net time \\host /set /y”;
x “copy c:\sas\work\out\*.gif \\host\web\Charts”;
libname inlib “c:\sas\work\lib”;
libname outlib “\\host\web\SASLib”;
proc datasets; copy inlib outlib; run;
libname outlib clear;
libname inlib clear;
%netauth(DISCONNECT);
How %netauth() Works
%macro netauth( mode );
%local domain_a ua pa domain_b ub pb;
%let domain_a=ddd; %let ua=uuu; %let pa=ppp;
%let domain_b=ddd; %let ub=uuu; %let pb=ppp;
options xsync noxwait;
Very important
%if %trim(%upcase(&mode.)) eq CONNECT %then %do;
x “net use \\crfprot\ipc$ /user:&domain_a.\&ua. &pa.”;
x “net use \\safety\ie /user:&domain_b.\&ub. &pb.”;
%if %trim(%upcase(&mode.)) eq DISCONNECT %then %do;
x “net use \\crfprot\ipc$ /d”;
x “net use \\safety\ie /d”;
%end; %else %do;
put ERROR: bad &mode. Expected CONNECT or DISCONNECT);
%end;
%mend;
Conclusion
• Manage & control remote hosts with net.exe
• Authenticate
• What you need
• When you neet it
• Never longer than necessary
• Never use drive letters!
• UNC paths are Linux-compliant, too
• Be careful with case
More Info …
• Microsoft Knowledge Base
219898 – “How the Bad Password Count is Incremented in
Windows NT”
314984 – “How to create and delete hidden or administrative
shares on client computers”
• Na Li
“Applications for Running DOS Commands within SAS”
PharmaSUG 2005, Posters, PO-13.
About the Speakers
Speaker Na Li
Sr. Project Analyst
Telephone (408) 990 - 7293
E-Mail nli @ pcyc.com
Paul D Sherman
Electrical Engineer
(408) 383 - 0471
sherman @ idiom.com
Web Site www.idiom.com / ~sherman / paul / pubs / netcmd