PerlMonks  

Remotely Manipulating ADODB & WIN32 Shares with permissions

by 3dbc (Monk)
on Jan 27, 2004 at 16:12 UTC

3dbc has asked for the wisdom of the Perl Monks concerning the following question:

ESTEEMED PERL MONGERS,

I have LDAP resident on the main ADODB server. On a separate Max Attach NAS server I have home directories which are shared. The user's home directory path looks something like this: //NAS_SERVER/home_dir_sharename, with permissions on the share set to allow full access to the particular user and administrators. So far I have had no difficulty creating and setting permissions on the home directory from either server, but I cannot create the share on the NAS server from the main server. Also, vice versa, I cannot add a user with OLE to ADODB to the main server from the NAS server. I have included the code that I have been working with below. Any and all suggestions on how I might accomplish this task are greatly appreciated.
Thank You

use Win32;
use Win32::Perms;
use Win32::AdminMisc;
use Win32::NetAdmin;
use Win32::Lanman;
use Win32::OLE;

&CreateUser($login_name, $fullname, $type, $ou, $password, $share);
&makeHomefolder($login_name, $homeDir, $homeShare, $type, $share);

# Arguments: login name, home directory path, home share, type, share name
sub makeHomefolder {
    print "Creating Users Home Folder $_[1]\n";
    # the path is interpolated into a shell command line as-is
    system ("mkdir $_[1]");

    print "\nModifying Security on $_[0] Home Folder\n";
    $Dir = new Win32::Perms( "$_[1]") || die;
    $Dir->Remove(-1);    # drop all existing entries before adding new ones
    $Dir->Allow('Administrators',Win32::Perms::FULL_CONTROL_DIR,Win32::Perms::DIR);
    $Dir->Allow('Administrators',Win32::Perms::FULL_CONTROL_FILE,Win32::Perms::FILE);
    $Dir->Set();
    $Dir->Allow($_[0],Win32::Perms::FULL_CONTROL_DIR,Win32::Perms::DIR);
    $Dir->Allow($_[0],Win32::Perms::FULL_CONTROL_FILE,Win32::Perms::FILE);
    $Dir->Set();

    print "\n\nCreating Share $_[4] on $_[0] Home Directory\n";
    #the below code only works when I execute on the NAS_SERVER
    if(!Win32::Lanman::NetShareAdd("\\\\NAS_SERVER",
        {'netname'   => "$_[4]",                          # share name
         type        => Win32::Lanman::STYPE_DISKTREE,    # share type
         remark      => "$_[3] share",                    # remark
         permissions => Win32::Lanman::ACCESS_ALL,
         max_uses    => 3,
         path        => "$_[1]",
        }))
    {
        print "Sorry, something went wrong; error: ";
        # get the error code
        print Win32::Lanman::GetLastError();
        exit 1;
    }

    print "\nModifying Security on User Share\n";
    #the below code only works when I execute on the NAS_SERVER
    $path = "\\\\MAXST2\\$_[4]";
    $Dir = new Win32::Perms("share:".$path )
        || warn "Can not create perm for \\\\NAS_SERVER\\$_[4] \n";
    $Dir->Remove(-1);
    $Dir->Allow('Administrators',Win32::Perms::FULL_CONTROL_DIR,Win32::Perms::DIR);
    $Dir->Allow('Administrators',Win32::Perms::FULL_CONTROL_FILE,Win32::Perms::FILE);
    $Dir->Set();
    $Dir->Allow($_[0],Win32::Perms::FULL_CONTROL_DIR,Win32::Perms::DIR);
    $Dir->Allow($_[0],Win32::Perms::FULL_CONTROL_FILE,Win32::Perms::FILE);
    $Dir->Set();
}

#the below code only works when I execute on the MAIN_SERVER
# Arguments: login name, full name, type, OU, password, share name
sub CreateUser {
    print "$_[3]\n";
    print "$_[0]\n";

    # openLDAP connection
    $Win32::OLE::Warn = 3;

    # Taken from $ADS_USER_FLAG_ENUM
    my $ADS_UF_NORMAL_ACCOUNT = 512;

    my $objParent = Win32::OLE->GetObject("LDAP://" . $_[3]);
    my $objUser = $objParent->Create("user", "cn=" . $_[0]);
    $objUser->Put("sAMAccountName", $_[0]);
    $objUser->Put("userAccountControl", $ADS_UF_NORMAL_ACCOUNT);
    $objUser->SetInfo;

    $objUser->{'HomeDirectory'} = "\\\\NAS_SERVER\\$_[5]";
    $objUser->{'HomeDrive'} = 'H:';
    $objUser->{'displayName'} = $_[1];
    $objUser->{'Description'} = $_[2];
    $objUser->{'userPrincipalName'} = "$_[0]\@domain.net";
    $objUser->SetPassword($_[4]);
    $objUser->{AccountDisabled} = 0;    # false: enable the account
    $objUser->SetInfo;

    Win32::AdminMisc::UserSetMiscAttributes( '', $_[0],
        USER_FLAGS, UF_DONT_EXPIRE_PASSWD | UF_PASSWD_CANT_CHANGE );
}

#I would like to be able to execute all code from one centralized location.

Replies are listed 'Best First'.
Re: Remotely Manipulating ADODB & WIN32 Shares with permissions
by arden (Curate) on Jan 27, 2004 at 16:25 UTC
    This really sounds to me like a problem with one server not trusting the other for administrative tasks. Have you considered running one script as a service, accepting input from the other? For example, have the NAS_SERVER script running at all times accepting input from the MAIN_SERVER on a socket. The NAS_SERVER script takes the variables input and creates the directory structures while the MAIN_SERVER script continues on its own and creates the user accounts.

    There are different things you can use to address security, from using SSL and restricting connections to only coming from the MAIN_SERVER and having some special key value sent along also to actually using some form of public key authentication. I only mention it to make sure you think of it before someone starts creating random file structures on your NAS_SERVER.
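
The request check arden describes (act only on requests from MAIN_SERVER that carry a key value), as an added example that is not code from the thread. Here the key is used as an HMAC key instead of being sent along; the key, the 192.0.2.10 address, the message layout and the name pattern are assumptions, and SSL would wrap this exchange on the wire.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Constructed placeholders (assumptions, not values from the thread)
my $KEY      = 'replace-with-long-random-secret';  # provisioned out of band
my %PEER_OK  = ('192.0.2.10' => 1);                # MAIN_SERVER's address
my $MAX_SKEW = 60;                                 # seconds of clock drift tolerated
my $NAME_RE  = qr/\A[A-Za-z0-9._-]{1,20}\z/;       # allow-list for login/share names
my %seen;                                          # nonces already accepted

# MAIN_SERVER side: "timestamp|nonce|login|share|hmac"
sub sign_request {
    my ($ts, $nonce, $login, $share) = @_;
    my $body = join '|', $ts, $nonce, $login, $share;
    return $body . '|' . hmac_sha256_hex($body, $KEY);
}

# Compare two strings without stopping at the first differing byte
sub ct_eq {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# NAS_SERVER side: returns (login, share) or dies with the reason
sub verify_request {
    my ($peer, $line, $now) = @_;
    die "peer not allowed\n" unless $PEER_OK{$peer};
    my ($ts, $nonce, $login, $share, $mac, @extra) = split /\|/, $line, -1;
    die "malformed request\n" if @extra || !defined $mac;
    my $want = hmac_sha256_hex(join('|', $ts, $nonce, $login, $share), $KEY);
    die "bad MAC\n" unless ct_eq($mac, $want);
    die "stale timestamp\n" unless $ts =~ /\A\d+\z/ && abs($now - $ts) <= $MAX_SKEW;
    die "replayed nonce\n" if $seen{$nonce}++;
    die "illegal name\n" unless $login =~ $NAME_RE && $share =~ $NAME_RE;
    return ($login, $share);   # only now passed on to mkdir / NetShareAdd
}

# Constructed sample traffic: valid, replay, altered, bad name, wrong peer
my ($now, $main) = (time, '192.0.2.10');
my $good = sign_request($now, 'n-0001', 'jdoe', 'jdoe_home');
my $odd  = sign_request($now, 'n-0002', 'jdoe', 'home dir');
(my $bad = $good) =~ s/jdoe_home/other_share/;     # changed after signing
for my $case ([$main, $good], [$main, $good], [$main, $bad], [$main, $odd], ['198.51.100.7', $good]) {
    my @r = eval { verify_request(@$case, $now) };
    print @r ? "accepted: @r\n" : "rejected: $@";
}
```

A long-running listener would also expire entries in `%seen` once they are older than `$MAX_SKEW`, since older requests are already refused by the timestamp check.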

Re: Remotely Manipulating ADODB & WIN32 Shares with permissions
by BrowserUk (Patriarch) on Jan 27, 2004 at 16:42 UTC

    The first question is can you do those tasks remotely using the standard tools? Either the command line or GUI varieties.

    If not, you need to fix that problem first. If you can, then you need to isolate the difference.

    What account is the script running under when it fails?

    What error messages are you receiving?


    Examine what is said, not who speaks.
    "Efficiency is intelligent laziness." -David Dunham
    "Think for yourself!" - Abigail
    Timing (and a little luck) are everything!

Node Type: perlquestion [id://324460]
Approved by monktim