Web-Based NT Administration Via Perl George Kuetemeyer Thomas Jefferson University Hospital.


1 Web-Based NT Administration Via Perl George Kuetemeyer Thomas Jefferson University Hospital

2 George.Kuetemeyer@mail.tju.edu TJU/H Mission
- Patient care
- Education
- Research

3 TJU/H Demographics
- 9,000 faculty/staff
- 3,500 students

4 TJU/H IT Infrastructure
- ATM network
- 5,000 PCs, Macs
- IBM mainframe
- Tandem mainframe
- Unix/Linux servers
- NT servers
- NetWare servers

5 Application Infrastructure
- Mail*Hub mail switch/X.500 directory
  - Authentication
  - Role data
- HP OpenMail (4,500 faculty/staff)
- CS&T OpenTime (2,100 clients)
- PeopleSoft
- IDX/Last Word

6 The Problem
- Migration from NetWare to NT
- NT admin tool issues
- NT security model issues
- Support staff training issues
- Competing business models
- Generalized fear and loathing

7 NT Admin Tool Issues
- GUI interface not ideal for batch updates
- Command line control limited
- Batch file scripting limited
- Scripting host proprietary
- Platform-limited remote control capabilities

8 NT Security Model Issues
- Not very granular (as exposed by the GUI tools)
- Not hierarchical (like NetWare 4.XX)
- No obvious link to our X.500 directory
- Didn't fit our IT support roles

9 Support Staff Training Issues
- GUI tools unfocused
- Command line approach not user friendly

10 Competing Business Models
- Microsoft's take on security different than ours
- Monolithic technology vs. diverse technologies
- Proprietary vs. open solutions
- Commercial vs. non-profit environments

11 Fear and Loathing
- Microsoft replaces our favorite technologies
- Microsoft replaces us
- The Dark Side Syndrome

12 General Problem
[Diagram: Vendor's Reality]

13 General Problem
[Diagram: Vendor's Reality, Our Reality]

14 General Solution
[Diagram: Vendor's Reality, Our Reality, Filter]

15 General Solution
[Diagram: Vendor's Reality, Our Reality, Filter]

16 General Solution
[Diagram: Vendor's Reality, Our Reality, Filter]

17 The Solution - Perl
- Powerful
- Cross platform
- Easy entrée to NT internals
- Roll our own admin tools
- Make them networkable
- Tie in our legacy systems

18 Phase 1 - Local Administration
- Standardize on Perl
- Start by back-ticking various command line functions
- Replace with Perl/NT admin API packages as they become available

19 Useful NT Admin Packages
- Win32::NetAdmin.pm
- Win32API::Net.pm
- Win32::AdminMisc.pm
- Win32::DomainAdmin.pm
- Win32::FileSecurity.pm

20 Phase 2 - Remote Administration
- IO::Socket-based client
- inetd from Pragma Systems
  - Useful companion for pre-fork NT Perl
  - Also provides telnet daemon
- Perl-based request server called by inetd
- Server interfaces with modular methods package
- System can work with command line or web delivery mechanisms

21 Web Admin Overview
[Diagram: User Interface, CGI Processing, Client Process, Server Process, Authentication (shown twice), Perl NT Methods, X.500 Directory, NT Environment]

22 Platform Overview
[Diagram: User Interface, CGI Processing, Client Process, Server Process, Authentication (shown twice), Perl NT Methods, X.500 Directory, NT Environment; platforms: NT, HP/UX, Linux/Apache]

23 NT Admin Walkthru
- Authentication

24 NT Admin Walkthru
- X.500 Name/Password

25 NT Admin Walkthru
- Main Menu

26 NT Admin Walkthru
- Create Client Object

    use K_Client;

    # The client carries the caller's directory credentials and the
    # location of the key file shared with the server.
    my $client = K_Client->new(
        host     => 'pdc.jeff.com',
        port     => 2000,
        sender   => $param{sender},
        pwd      => $param{pwd},
        key_file => '/usr/local/keys/nt.txt',
    );

27 NT Admin Walkthru
- Send Request

    # Queue one method call, send it, then read back result slot 0.
    $client->build_request(
        method => 'get_user_list',
        server => '',   # value missing in the transcript; '' is a placeholder
    );
    my $ok    = $client->send_receive();
    my $err   = $client->get_errorcode(0);
    my @users = $client->get_result(0);
    my $msg   = $client->get_msg(0);
    return ($ok, $err, $msg, \@users);

28 NT Admin Walkthru
- Server Object

    use K_Server;
    use K_Methods::NT_Admin;
    use X500_Auth;

    # Hosts allowed to send requests to this server.
    my $hosts = {
        'www.jeff.edu' => 1,
        'pdc.jeff.edu' => 1,
    };

    my $methods = K_Methods::NT_Admin->new();

    my $server = K_Server->new(
        methods_obj => $methods,    # the slide passes $admin, which is never defined
        auth_sub    => \&X500_Auth::auth_client,
        work_dir    => 'd:/ntadmsrv',
        server_name => 'K_Server',
        log_file    => 'd:/logs/k_admin.log',
        key_file    => 'd:/keys/nt.txt',
        event_log   => 1,
        ok_hosts    => $hosts,
    );

    $server->handle_request();

29 NT Admin Walkthru
- Methods data structure

    # One entry per callable method: the code to run, its required
    # parameters, the role it needs, and its logging metadata.
    $self->{methods} = {
        get_user_list => {
            method    => sub { $self->get_user_list(@_) },
            params    => [ 'server' ],
            role      => $ops,
            event_id  => 15,
            false_msg => sub { my %p = @_; return "Failed to get user list." },
            true_msg  => sub { my %p = @_; return "Got user list." },
        },
        # ... (the slide breaks off here)
    };

30 NT Admin Walkthru
- Methods role attribute

    $self->{roles} = {
        super_acct => 3,
        acct       => 2,
        ops        => 1,
        all        => 0,
    };

31 NT Admin Walkthru
- Core subroutine

    use Win32::AdminMisc;

    # generate list of users
    sub get_user_list {
        my $self   = shift;
        my %params = @_;
        my (@users);
        Win32::AdminMisc::GetUsers($params{'server'}, '', \@users);
        return \@users;
    }
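
A role-gated dispatcher over a methods table shaped like the one on slides 29-30, as an added example that is not code from the presentation. How K_Server evaluates `role` and `params` is not shown on the slides; the rule "caller level >= method level", the `dispatch` function, the stub back end and the `create_user` event id are assumptions.

```perl
# Added example, not from the deck: fail-closed dispatch over a methods table.
# Assumption: a caller may run a method when its role level >= the method's.
use strict;
use warnings;

my %roles = (super_acct => 3, acct => 2, ops => 1, all => 0);

# Constructed stand-in for the Win32 back end so the sketch runs anywhere.
my %methods = (
    get_user_list => {
        method   => sub { my %p = @_; return [qw(Administrator Guest jdoe)] },
        params   => ['server'],
        role     => $roles{ops},
        event_id => 15,
    },
    create_user => {
        method   => sub { my %p = @_; return ["created $p{user}"] },
        params   => ['server', 'user'],
        role     => $roles{acct},
        event_id => 16,    # constructed value
    },
);

# Returns (ok, message, result). Unknown method, unknown role, insufficient
# level and missing parameter are all refused before any back-end code runs.
sub dispatch {
    my ($caller_role, $name, %p) = @_;
    my $m = $methods{$name}
        or return (0, "unknown method: $name", undef);
    my $level = $roles{$caller_role};
    return (0, "unknown role: $caller_role", undef) unless defined $level;
    return (0, "role $caller_role may not call $name", undef)
        if $level < $m->{role};
    for my $req (@{ $m->{params} }) {
        return (0, "missing parameter: $req", undef) unless defined $p{$req};
    }
    return (1, "event $m->{event_id}: $name ok", $m->{method}->(%p));
}

# Constructed requests: (role from the directory, method, parameters).
for my $req (
    ['ops',  'get_user_list', server => ''],
    ['ops',  'create_user',   server => '', user => 'jdoe'],
    ['acct', 'create_user',   server => ''],
    ['temp', 'get_user_list', server => ''],
) {
    my ($ok, $msg) = dispatch(@$req);
    printf "%-4s %-14s %s\n", $req->[0], $req->[1], ($ok ? 'ALLOW' : 'DENY') . " ($msg)";
}
```

Only the first request is allowed; the other three are denied for insufficient role, a missing `user` parameter and an unknown role respectively.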

32 NT Admin Walkthru
- Create Account

33 NT Admin Walkthru
- Create Account

34 NT Admin Walkthru
- Create Account

    # Two method calls are queued and sent in one round trip.
    $client->build_request(
        method => 'create_user',
        server => '',   # value missing in the transcript; '' is a placeholder
        user   => $param{user},
        type   => 'user',
        abort  => 1,
    );
    $client->build_request(
        method => 'set_user_pwd',
        server => '',   # value missing in the transcript; '' is a placeholder
        user   => $param{user},
        pwd    => 'tmp_pass',
    );
    $ok   = $client->send_receive();
    @msgs = $client->get_msgs();
    return ($ok, \@msgs);

35 NT Admin Walkthru
- Create Account

36 NT Admin Walkthru
- Main Menu

37 NT Admin Walkthru
- Change Account

38 NT Admin Walkthru
- Get Account Info

    # Three method calls are queued; results come back in slots 0, 1 and 2.
    $client->build_request(
        method => 'get_user_attrs',
        server => $params{server},
        user   => $params{user},
    );
    $client->build_request(
        method => 'get_user_global_groups',
        server => $params{server},
        user   => $params{user},
    );
    $client->build_request(
        method => 'get_global_groups',
        server => $params{server},
    );
    $ok        = $client->send_receive();
    @msgs      = $client->get_msgs();
    %attrs     = $client->get_result(0);
    @user_grps = $client->get_result(1);
    @grps      = $client->get_result(2);
    return ($ok, \@msgs, \%attrs, \@user_grps, \@grps);

39 NT Admin Walkthru
- Account Info

40 NT Admin Walkthru
- Back end logging

41 Project Results
- Our security policies enforced
- NT becomes part of larger IT infrastructure
- IT staff supports NT with minimal training
- Change effectively managed (Win2K)
- Innovation modulated by our business realities

42 NT Admin Futures
- Replace inetd with Perl fork
- Recode admin methods to support LDAP/Active Directory
- Spend more time on web client interface

