Tag: Linux

Remote SAS Management Console using WSL2

SAS Management Console 9.4 for Linux running in WSL2

A recent SAS Communities post got me thinking about running SAS Management Console using WSL2. In that post, the questioner was asking about how to manage multiple SAS environments with different SAS 9.4 maintenance levels (M5 and M8) from a single client device. I posted that one of the ways to do it was to run SAS Management Console remotely, as each SAS environment will have the corresponding SAS Management Console version installed. One of the ways to do this, when the SAS server is on Linux, is to use X-Windows software for Windows (like MobaXterm). Behind the scenes an SSH session is used to connect to the server and run SAS Management Console using X11 forwarding so that the app appears locally on the Windows workstation. I regularly encounter SAS customers using MobaXterm to do this and I occasionally use it myself when on Windows (my primary desktop is Linux so I normally just use SSH with X11 Forwarding without any additional software). It also occurred to me that, with recent enhancements to the Windows Subsystem for Linux (WSL), you can now do this with native Windows features and don’t need any additional software. I set out to try it for myself. Continue reading “Remote SAS Management Console using WSL2”

Installing SAS Viya 4 (2021.1.2) Locally

I have been wanting to get SAS® Viya 4 running locally on our lab hardware to further investigate the REST APIs, and having just finished the installation, I thought I’d jot down a few notes.

SAS Viya 4 has initially been released for the main cloud providers: Microsoft Azure (AKS) first, and now Amazon (EKS) and Google (GKE) too. I understand that RedHat OpenShift support will be coming later this year.

I’d heard it was also possible to get it running in a local on-premise Kubernetes (K8s) environment with some prep work Continue reading “Installing SAS Viya 4 (2021.1.2) Locally”

Reviewing SSL/TLS Certificate Chain for Active Directory Server

Sometimes when I am setting up, or helping someone setup, identity synchronisation between the SAS® platform and Microsoft Active Directory (AD), I run into SSL/TLS certificate validation issues. I am usually using Metacoda Identity Sync, but it can also happen when doing a sync with custom Base SAS code. Often the underlying cause is that the AD server’s CA certificate is not in the SAS Private JRE Trusted CA Bundle (see Did I add that CA Certificate to the SAS Trusted CA Bundle?). When troubleshooting this, one of the first things I will do is look at the certificate that the AD server is providing, and I mostly use an OpenSSL s_client command for this. There are 4 command variations I use depending on whether I am trying to use the main directory or the global catalog, and with LDAP plus STARTTLS, or just LDAPS.

For connecting to the main directory on the unencrypted LDAP port 389 with an upgrade to encrypted using STARTTLS:

echo "Q" | openssl s_client -connect dc.example.com:389 -starttls ldap -showcerts

For connecting to the main directory on the encrypted LDAPS port 636:

echo "Q" | openssl s_client -connect dc.example.com:636 -showcerts

For connecting to the global catalog on the unencrypted port 3268 with an upgrade to encrypted using STARTTLS:

echo "Q" | openssl s_client -connect gc.example.com:3268 -starttls ldap -showcerts

For connecting to the global catalog on the encrypted port 3269:

echo "Q" | openssl s_client -connect gc.example.com:3269 -showcerts

If you want to examine the returned certificate in more detail then you can also pipe it to an OpenSSL x509 command e.g.

echo "Q" | openssl s_client -connect dc.example.com:389 -starttls ldap -showcerts | openssl x509 -noout -text

If you have questions, or any other tips for troubleshooting SSL/TLS certificates with AD, then please leave a comment below.

Java Look & Feel with SAS Management Console on Linux

As someone who specialises in SAS® metadata security, I spend a lot of time using the Authorization tab in SAS Management Console. I also use Linux a great deal. When I run SAS Management Console on Linux, I’ve noticed that the check box background colours on the Authorization tab don’t render correctly (for me at least). I only ever see white background check boxes when I expect to also see green and gray ones: green indicating an ACT; white indicating an ACE; and gray indicating indirect. These colours are important indicators for the source of access controls so not being able to see them is a problem!

It occurred to me that I might be able to resolve this by specifying a Java System Property in the sasmc.ini file to change the Java Look & Feel.

I first tried changing the default look & feel (using ‑Dswing.defaultlaf) but that didn’t work. What did work is changing the default system look & feel (with ‑Dswing.systemlaf). Continue reading “Java Look & Feel with SAS Management Console on Linux”

Auto Creation of Linux Home Directories for SAS Users

In a previous post I’ve described a method for configuring Active Directory Authentication for SAS® on Linux (with realmd). One of the packages that’s installed is oddjob-mkhomedir. This package normally handles any requirement for auto-creating home directories for those AD users on Linux. Unfortunately it doesn’t seem to get used by the SAS Object Spawner. I ran into this issue again today when logging into SAS Studio 4.2 as an AD user on the SAS Viya™ 3.2 platform. I wasn’t able to login because the AD user’s Linux home directory didn’t exist and hadn’t been auto created. After manually creating the home directory the login succeeded. I would rather get auto-creation working so I wouldn’t need to manually create home directories for each SAS user that was likely to use SAS Studio. Thankfully I was able to find a solution that I’ll describe in this post. Continue reading “Auto Creation of Linux Home Directories for SAS Users”