# Credentials & Authorization Reference **Last Updated:** 2026-01-26 **Purpose:** Centralized credentials for Claude Code context recovery **Project:** ClaudeTools MSP Work Tracking System --- ## Infrastructure - SSH Access ### GuruRMM Server (172.16.3.30) - **Host:** 172.16.3.30 - **Hostname:** gururmm / gururmm-build - **User:** guru - **SSH Password:** Gptf*77ttb123!@#-rmm (note: special chars cause sudo issues, use heredoc) - **Sudo Password:** Gptf*77ttb123!@#-rmm - **SSH Port:** 22 - **Role:** Production server hosting ClaudeTools database and API, GuruRMM system, cross-platform builds - **Services:** - MariaDB 10.6.22 (Port 3306) - PostgreSQL 14 (Port 5432) - ClaudeTools API (Port 8001) - GuruRMM API (Port 3001) - Nginx reverse proxy (Port 80/443) - **ClaudeTools Database:** - Database: claudetools - User: claudetools - Password: CT_e8fcd5a3952030a79ed6debae6c954ed - **GuruRMM Database (PostgreSQL):** - Database: gururmm - User: gururmm - Password: 43617ebf7eb242e814ca9988cc4df5ad - Connection: postgres://gururmm:43617ebf7eb242e814ca9988cc4df5ad@172.16.3.30:5432/gururmm - **GuruRMM API Access:** - Base URL: http://172.16.3.30:3001 - Production URL: https://rmm-api.azcomputerguru.com - Admin Email: claude-api@azcomputerguru.com - Admin Password: ClaudeAPI2026!@# - Admin User ID: 4d754f36-0763-4f35-9aa2-0b98bbcdb309 - JWT Secret: ZNzGxghru2XUdBVlaf2G2L1YUBVcl5xH0lr/Gpf/QmE= - **OS:** Ubuntu 22.04 LTS - **SSH Keys:** guru@wsl, guru@gururmm-build (ed25519) - **Notes:** Primary ClaudeTools infrastructure, systemd service auto-starts API. GuruRMM admin user created 2026-01-22 for API integration. Build server for cross-platform GuruRMM builds. 
### Jupiter (Unraid Primary - 172.16.3.20) - **Host:** 172.16.3.20 - **User:** root - **SSH Port:** 22 - **Password:** Th1nk3r^99## - **WebUI Password:** Th1nk3r^99## - **Role:** Primary container host, Gitea server, NPM, GuruRMM, Seafile - **Services:** - Gitea (Port 3000, SSH 2222) - Docker containers - NPM (Nginx Proxy Manager) - Ports 1880 (HTTP), 18443 (HTTPS), 7818 (admin) - GuruRMM API (Port 3001) - Seafile Pro (Port 8082) - **iDRAC (Dell Remote Management):** - IP: 172.16.1.73 (DHCP) - User: root - Password: Window123!@#-idrac - IPMI Key: 0000000000000000000000000000000000000000 (all zeros) - SSH: Enabled (port 22) - cipher compatibility issues - Web UI: https://172.16.1.73/ - **SSH Keys:** claude-code@localadmin (ed25519), root@GuruSync (ed25519), guru@wsl (ed25519), guru@gururmm-build (ed25519) - **Notes:** Used for code repository management and version control. Primary infrastructure server. ### IX Server (Hosting - 172.16.3.10) - **Host:** ix.azcomputerguru.com - **Internal IP:** 172.16.3.10 - **External IP:** 72.194.62.5 - **User:** root - **SSH Port:** 22 - **Password:** Gptf*77ttb!@#!@# - **SSH Key:** guru@wsl key added to authorized_keys - **OS:** Rocky Linux (WHM/cPanel) - **Role:** Primary cPanel hosting server for client websites (80+ accounts) - **Services:** - WHM (Web Host Manager) - Port 2087 - cPanel - Port 2083 - Apache/LiteSpeed web server - MariaDB (multiple client databases) - PHP-FPM - **Access Methods:** - SSH (external): ssh root@ix.azcomputerguru.com - SSH (internal): ssh root@172.16.3.10 - WHM: https://ix.azcomputerguru.com:2087 - cPanel: https://ix.azcomputerguru.com:2083 - **VPN Required:** Yes (for external SSH access) - **Hosted Sites:** 40+ WordPress sites (arizonahatters.com, peacefulspirit.com, etc.) 
- **Notes:** - Critical performance issues documented 2026-01-13 - Requires VPN for SSH access - See clients/internal-infrastructure/ix-server-issues-2026-01-13.md for maintenance details - 80+ cPanel accounts hosted - **Critical Sites Maintained (2026-01-13):** - acepickupparts.com (PHP 256MB, database cleaned) - arizonahatters.com (PHP 256MB, Wordfence bloat cleaned) - peacefulspirit.com (database bloat cleaned 310MB→0.67MB) ### WebSvr (Legacy Hosting - websvr.acghosting.com) - **Host:** websvr.acghosting.com - **External IP:** 162.248.93.81 - **User:** root - **SSH Port:** 22 - **Password:** r3tr0gradE99# - **OS:** CentOS 7 (WHM/cPanel) - **Role:** Legacy cPanel hosting server, DNS management for ACG Hosting domains - **Services:** - WHM (Web Host Manager) - cPanel - Apache/LiteSpeed web server - MariaDB - DNS Zone Management - **API Token:** 8ZPYVM6R0RGOHII7EFF533MX6EQ17M7O (Full access) - **DNS Management:** Authoritative for ACG Hosting nameservers (grabbanddurando.com zone, etc.) - **Status:** Active - DNS management, some legacy sites - **Notes:** - Used for DNS zone editing for client domains - Migration source to IX server - See clients/grabb-durando/website-migration/README.md for DNS management examples ### pfSense Firewall (172.16.0.1) - **Host:** 172.16.0.1 - **SSH Port:** 2248 - **User:** admin - **Password:** r3tr0gradE99!! 
- **SSH Key:** ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICrv2u99Y/KecA4GtJ3xi/8ExzkjdPsCHLDdaFPBkGAg claude-code@localadmin - **OS:** FreeBSD (pfSense 2.8.1) - **Role:** Primary network firewall, VPN gateway, Tailscale gateway - **Services:** - Firewall rules - VPN server - Tailscale subnet router - DHCP server - **Tailscale:** - Tailscale IP: 100.79.69.82 (pfsense-1) / 100.119.153.74 (pfsense-2) - Subnet Routes: 172.16.0.0/22 (advertised to Tailscale network) - Hostname: pfsense-1 / pfsense-2 - **Web UI:** https://172.16.0.1 - **Status:** CRITICAL PRODUCTION - Network gateway - **Network:** - LAN Subnet: 172.16.0.0/16 - OpenVPN: 192.168.6.0/24 - WAN (Fiber): 98.181.90.163/31 - Public IPs: 72.194.62.2-10, 70.175.28.51-57 - **Notes:** - Primary network security appliance - Routes traffic for entire 172.16.0.0/16 network - Tailscale exit node for remote access - Migrated to Intel N100 hardware 2025-12-25 ### Saturn (172.16.3.21) - DECOMMISSIONED - **Host:** 172.16.3.21 - **User:** root - **SSH Port:** 22 - **Password:** r3tr0gradE99 - **OS:** Unraid 6.x - **Role:** Secondary Unraid server (decommissioned) - **Status:** DECOMMISSIONED - Migration to Jupiter complete (Seafile migrated 2025-12-27) - **Notes:** - All services migrated to Jupiter in 2025 - May be powered off - Documented for historical reference ### OwnCloud VM (172.16.3.22) - **Host:** 172.16.3.22 - **Hostname:** cloud.acghosting.com - **User:** root - **SSH Port:** 22 - **Password:** Paper123!@#-unifi! 
- **OS:** Rocky Linux 9.6 - **Role:** OwnCloud file synchronization server - **Services:** - Apache web server - MariaDB - PHP-FPM - Redis - OwnCloud application - Datto RMM agents - **Storage:** SMB mount from Jupiter (Unraid shares - /mnt/user/OwnCloud) - **Status:** Active - **Notes:** - Jupiter has SSH key auth configured - File sync service for team collaboration - Data stored on Jupiter NAS backend --- ## External/Client Servers ### GoDaddy VPS (208.109.235.224) - Grabb & Durando - **Host:** 208.109.235.224 - **Hostname:** 224.235.109.208.host.secureserver.net - **User:** root - **SSH Port:** 22 - **Auth:** SSH key (id_ed25519) - **OS:** CloudLinux 9.6 - **cPanel:** v126.0 (build 11) - **Role:** data.grabbanddurando.com hosting (MIGRATION COMPLETE - old server) - **Status:** OFFLINE - 99% disk space used (1.6GB free) - migration complete - **Client:** Grabb & Durando Law Firm - **Application:** Custom PHP calendar/user management system - **Database Credentials (on GoDaddy):** - Database: grabblaw_gdapp - User: grabblaw_gdapp - Password: e8o8glFDZD - cPanel User: grabbanddurando - **Migration Target:** ix.azcomputerguru.com (COMPLETE) - **Migration Status:** Complete - old server can be decommissioned - **Notes:** - MIGRATION COMPLETE - data sync performed 2025-12-12 - SSH key authentication (passwordless) - See clients/grabb-durando/website-migration/README.md for migration details - Keep active for 1 week after successful migration (retention period expired) ### Neptune Exchange Server (67.206.163.124) - **Hostname:** neptune.acghosting.com - **Public IP:** 67.206.163.124 - **Internal IP:** 172.16.3.11 (requires Dataforth VPN) - **Domain:** ACG - **Admin User:** ACG\administrator - **Admin Password:** Gptf*77ttb## - **Exchange Version:** Exchange Server 2016 - **OWA URL:** https://neptune.acghosting.com/owa/ - **PowerShell URL:** https://neptune.acghosting.com/PowerShell/ - **Authentication:** Basic Auth - **ActiveSync:** Enabled (BasicAuthEnabled: True) - 
**Status:** Active - **Client:** heieck.org (migration to M365 complete 2026-01-14) - **Notes:** - Requires VPN access (OpenVPN to Dataforth network) - UDM firewall rules required for OpenVPN→Dataforth access - iptables rules on UDM: 192.168.6.0/24 ↔ 172.16.0.0/22 --- ## Dataforth Infrastructure ### AD2 (Production Server - 192.168.0.6) - **Host:** 192.168.0.6 - **Hostname:** AD2.intranet.dataforth.com - **Domain:** INTRANET - **User:** INTRANET\sysadmin - **Password:** Paper123!@# - **OS:** Windows Server 2022 - **Local Path:** C:\Shares\test - **Share Access:** \\192.168.0.6\C$ (admin share, requires credentials) - **Role:** Production server for Dataforth DOS machines, Secondary Domain Controller - **Services:** - Active Directory Domain Controller (Secondary) - File Server (SMB3) - Scheduled sync task (Sync-FromNAS.ps1 every 15 min) - WinRM (PowerShell Remoting) on port 5985 - OpenSSH Server on port 22 - **Network:** 192.168.0.0/24 - **Automation Access:** - **Service Account:** INTRANET\ClaudeTools-ReadOnly - **Service Password:** vG!UCAD>=#gIk}1A3=:{+DV3 - **Service UPN:** ClaudeTools-ReadOnly@dataforth.local - **Permissions:** Read-only AD access, Remote Management Users group - **Scripts Location:** C:\ClaudeTools\Scripts\ - **Logs Location:** C:\ClaudeTools\Logs\Transcripts\ - **SSH Key (sysadmin account):** - **Key Type:** ED25519 - **Fingerprint:** SHA256:JsiEDAJ/fD19d6W7B5iuV78f8dLKZbLTrMor7b9CXSQ - **Public Key:** ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHpk0bdronDasfx5RYjky4N4xIeUJF5xIJdX08rb3+Ui sysadmin@AD2-automation - **Private Key Location:** C:\Users\sysadmin\.ssh\id_ed25519 - **WinRM Configuration:** - **TrustedHosts:** 172.16.*,192.168.*,10.* (LAN/VPN access) - **Listener:** HTTP on port 5985 - **Transcript Logging:** Enabled (all remote sessions logged) - **Module Logging:** Enabled - **Script Block Logging:** Enabled - **Connection Method (SMB Share):** ```powershell $pass = ConvertTo-SecureString 'Paper123!@#' -AsPlainText -Force $cred = 
New-Object System.Management.Automation.PSCredential('INTRANET\sysadmin', $pass) New-PSDrive -Name Z -PSProvider FileSystem -Root '\\192.168.0.6\C$' -Credential $cred # Access: Z:\Shares\test\ ``` - **Connection Method (WinRM - Admin):** ```powershell $password = ConvertTo-SecureString 'Paper123!@#' -AsPlainText -Force $cred = New-Object System.Management.Automation.PSCredential('INTRANET\sysadmin', $password) Enter-PSSession -ComputerName 192.168.0.6 -Credential $cred ``` - **Connection Method (WinRM - Read-Only):** ```powershell $password = ConvertTo-SecureString 'vG!UCAD>=#gIk}1A3=:{+DV3' -AsPlainText -Force $cred = New-Object System.Management.Automation.PSCredential('INTRANET\ClaudeTools-ReadOnly', $password) Enter-PSSession -ComputerName 192.168.0.6 -Credential $cred ``` - **Connection Method (SSH):** ```bash ssh INTRANET\\sysadmin@192.168.0.6 # Password: Paper123!@# # Or with key: ssh -i path/to/id_ed25519 INTRANET\\sysadmin@192.168.0.6 ``` - **Software Update Locations:** - Common (all machines): C:\Shares\test\COMMON\ProdSW\ and C:\Shares\test\_COMMON\ProdSW\ - Station-specific: C:\Shares\test\TS-XX\ProdSW\ - System files: C:\Shares\test\COMMON\DOS\ - **Notes:** - SMB1 disabled for security (after crypto attack) - Sync mechanism moved from NAS to AD2 due to WINS crashes - Files sync to NAS within 15 minutes after placement - DOS machines pull from NAS (not directly from AD2) ### AD1 (Primary Domain Controller - 192.168.0.27) - **IP:** 192.168.0.27 - **Hostname:** AD1.intranet.dataforth.com - **User:** INTRANET\sysadmin - **Password:** Paper123!@# - **Role:** Primary DC, NPS/RADIUS server - **NPS Ports:** 1812/1813 (auth/accounting) - **Services:** - Active Directory Domain Controller (Primary) - NPS/RADIUS Server - **Access Methods:** RDP, WinRM ### D2TESTNAS (SMB1 Proxy - 192.168.0.9) - **Host:** 192.168.0.9 - **NetBIOS Name:** D2TESTNAS - **MAC:** 28:C6:8E:34:4B:5E / 5F - **HTTP:** http://192.168.0.9/ - **User (Web):** admin - **Password (Web):** 
Paper123!@#-nas - **SSH User:** root - **SSH Auth:** ed25519 key (passwordless) + password: Paper123!@#-nas - **SSH Key:** ed25519 from ~/.ssh/id_ed25519 (WSL) - **Role:** SMB1 proxy/bridge for DOS 6.22 machines - **OS:** Netgear ReadyNAS RN10400 (Linux NAS appliance) - **Share:** \\D2TESTNAS\test (maps to /data/test) - **Shares:** - \\D2TESTNAS\test (guest writable, maps to T:) - \\D2TESTNAS\datasheets (guest writable, maps to X:) - **Services:** - SMB1 server (for DOS machine compatibility - CORE protocol) - SSH server (Port 22) - WINS Server: Enabled (192.168.0.9) - **SMB Configuration:** - Protocol: CORE (oldest, for DOS compatibility) - Workgroup: INTRANET - WINS support: yes - Null passwords: enabled - Guest access: enabled - **SMB Users:** ts-1 through ts-50 (NULL passwords - smbpasswd -n ts-XX) - **Engineer Access:** engineer / Engineer1! - **Notes:** - Bridges DOS machines (SMB1) with AD2 (SMB3) - Previous sync location (moved to AD2) - Network path: /data/test/ - Sync credentials in /root/.ad2creds ### Dataforth DOS Machines (TS-XX) - **Network:** 192.168.0.0/24 - **OS:** MS-DOS 6.22 - **Count:** ~30 machines for QC testing - **Naming:** TS-01 through TS-30 - **Network Share:** T: drive (maps to \\D2TESTNAS\test) - **Machine Variable:** %MACHINE% (set in AUTOEXEC.BAT from C:\NET\SYSTEM.INI) - **Backup Location:** T:\%MACHINE%\BACKUP\ - **Update Path:** T:\COMMON\ - **Credentials:** None (local DOS machines) - **Network Drives:** - T: = \\D2TESTNAS\test - X: = \\D2TESTNAS\datasheets - **Boot Sequence:** 1. C:\AUTOEXEC.BAT 2. C:\STARTNET.BAT (mount drives) 3. T:\TS-XX\NWTOC.BAT (download updates) 4. 
C:\ATE\MENU.BAT (test menu) - **Central Management:** T:\UPDATE.BAT (v2.0) - Commands: STATUS, UPDATE, DOS - Auto-detection from C:\NET\SYSTEM.INI - **Machines Tested Working:** - TS-27: Working, full config copied - TS-8L: Working, 717 logs + 2966 reports moved - TS-8R: Working, 821 logs + 3780 reports moved - **Notes:** - SMB1 protocol required - DOS 6.22 limitations: no %COMPUTERNAME%, no IF /I - Network stack: MS Client 3.0, Netware VLM client - Update workflow: AD2 → D2TESTNAS → DOS machines - Startup sequence: AUTOEXEC.BAT → STARTNET.BAT → MENUX.EXE - MENUX menu provides test module selection interface - Test Equipment: Keithley 2010, Fluke 8842A, HP 33220A, KEPCO DPS, BK Precision 1651A, Rigol MSO2102A ### UDM (UniFi Dream Machine - 192.168.0.254) - **Service:** Gateway/firewall - **IP:** 192.168.0.254 - **SSH User:** root - **SSH Password:** Paper123!@#-unifi - **SSH Key:** claude-code key added - **Web User:** azcomputerguru - **Web Password:** Paper123!@#-unifi - **2FA:** Push notification enabled - **Role:** Gateway/firewall, OpenVPN server - **OpenVPN:** 192.168.6.0/24 network - **Isolated Network:** 172.16.0.0/22 (Dataforth internal) - **MongoDB:** 127.0.0.1:27117/ace (UniFi controller) - **Access Methods:** SSH, Web (2FA) - **Notes:** - OpenVPN access requires iptables rules for Dataforth network access - WINS configured in DHCP pointing to D2TESTNAS (192.168.0.9) - DNS servers: 192.168.0.27, 192.168.0.6, 192.168.1.254 ### AD2-NAS Sync System - **Script:** C:\Shares\test\scripts\Sync-FromNAS.ps1 - **Runs:** Every 15 minutes (Windows Scheduled Task) - **User:** INTRANET\sysadmin - **Direction:** Bidirectional - **Tools:** PuTTY (plink.exe, pscp.exe) - **Log:** C:\Shares\test\scripts\sync-from-nas.log - **Status:** C:\Shares\test\_SYNC_STATUS.txt (monitored by DattoRMM) - **Last Verified:** 2026-01-15 (running successfully) - **PULL (NAS → AD2):** - Test results: /data/test/TS-XX/LOGS/*.DAT → C:\Shares\test\TS-XX\LOGS\ - Reports: 
/data/test/TS-XX/Reports/*.TXT → C:\Shares\test\TS-XX\Reports\ - Files deleted from NAS after successful sync - DAT files imported to database automatically - **PUSH (AD2 → NAS):** - Common updates: C:\Shares\test\COMMON\ProdSW\ → /data/test/COMMON/ProdSW/ - Station updates: C:\Shares\test\TS-XX\ProdSW\ → /data/test/TS-XX/ProdSW/ - Root utility: C:\Shares\test\UPDATE.BAT → /data/test/UPDATE.BAT - One-shot tasks: C:\Shares\test\TS-XX\TODO.BAT → /data/test/TS-XX/TODO.BAT - **Notes:** - Moved from NAS to AD2 in January 2026 - Reason: WINS crashes and SSH lockups on NAS - NAS script (/root/sync-to-ad2.sh) is DEPRECATED - UPDATE.BAT sync added 2026-01-15 --- ## Services - Web Applications ### Gitea (Git Server) - **URL:** https://git.azcomputerguru.com/ - **Web Port:** 3000 - **SSH:** ssh://git@172.16.3.20:2222 OR ssh://git@git.azcomputerguru.com:2222 - **Username:** azcomputerguru - **Email:** mike@azcomputerguru.com - **Password:** Gptf*77ttb123!@#-git OR Window123!@#-git - **SSH Key:** claude-code (ed25519) - CONFIGURED AND WORKING - **SSH Fingerprint:** SHA256:E+dhx8dYK+pWyqFUcAVAeJtaQEI3cOiIs7eac1w3Dnk - **API Token:** 9b1da4b79a38ef782268341d25a4b6880572063f - **Repository:** azcomputerguru/ClaudeTools, azcomputerguru/claude-projects - **Role:** Source code version control, project sync - **Docker Container:** gitea (on Jupiter server) - **Notes:** - Web login: azcomputerguru / Gptf*77ttb123!@#-git - SSH access: `ssh -T -p 2222 git@172.16.3.20` (verified working 2026-01-19) - Git remote: `ssh://git@172.16.3.20:2222/azcomputerguru/ClaudeTools.git` - Password reset: `docker exec -u git gitea gitea admin user change-password --username azcomputerguru --password 'NEW_PASSWORD'` - SSH key added: 2026-01-19 15:09 (claude-code) ### NPM (Nginx Proxy Manager) - **Admin URL:** http://172.16.3.20:7818 - **HTTP Port:** 1880 - **HTTPS Port:** 18443 - **User:** mike@azcomputerguru.com OR admin@azcomputerguru.com - **Password:** r3tr0gradE99! 
OR Window123!@# - **Cloudflare API Token:** U1UTbBOWA4a69eWEBiqIbYh0etCGzrpTU4XaKp7w - **Database:** SQLite at /mnt/user/appdata/npm/database.sqlite - **Container:** npm on Jupiter - **Proxy Hosts:** - ID 1: emby.azcomputerguru.com → 172.16.2.99:8096 (SSL: npm-1) - ID 2: git.azcomputerguru.com → 172.16.3.20:3000 (SSL: npm-2) - ID 4: plexrequest.azcomputerguru.com → 172.16.3.31:5055 (SSL: npm-4) - ID 5: rmm-api.azcomputerguru.com → 172.16.3.20:3001 (SSL: npm-6) - unifi.azcomputerguru.com → 172.16.3.28:8443 (SSL: npm-5) - ID 8: sync.azcomputerguru.com → 172.16.3.20:8082 (SSL: npm-8) ### ClaudeTools API (Production) - **URL:** http://172.16.3.30:8001 - **Docs:** http://172.16.3.30:8001/api/docs - **Database:** 172.16.3.30:3306/claudetools - **Auth:** JWT tokens (POST /api/auth/token) - **Test User:** - Email: test@example.com - Password: testpassword123 - **Role:** Primary MSP work tracking API - **Endpoints:** 95+ endpoints across 17 entities - **Notes:** Systemd service, auto-starts on boot ### Seafile Pro (File Sync) - **URL:** https://sync.azcomputerguru.com - **Internal:** 172.16.3.20:8082 - **Admin Email:** mike@azcomputerguru.com - **Admin Password:** r3tr0gradE99# - **Database User:** seafile - **Database Password:** 64f2db5e-6831-48ed-a243-d4066fe428f9 - **Database Root:** db_dev - **Databases:** ccnet_db, seafile_db, seahub_db - **Containers:** seafile, seafile-mysql, seafile-memcached, seafile-elasticsearch - **Docker Compose:** /mnt/user0/SeaFile/DockerCompose/docker-compose.yml - **Data Path:** /mnt/user0/SeaFile/seafile-data/ - **Storage:** 11.8TB - **Location:** Jupiter (migrated from Saturn 2025-12-27) - **Elasticsearch:** 7.17.26 (upgraded for kernel 6.12 compatibility) - **Microsoft Graph API (Email):** - Tenant ID: ce61461e-81a0-4c84-bb4a-7b354a9a356d - Client ID: 15b0fafb-ab51-4cc9-adc7-f6334c805c22 - Client Secret: rRN8Q~FPfSL8O24iZthi_LVJTjGOCZG.DnxGHaSk - Sender Email: noreply@azcomputerguru.com - Usage: Seafile email notifications via Graph API 
### Cloudflare - **Service:** DNS and CDN - **API Token (Full DNS):** DRRGkHS33pxAUjQfRDzDeVPtt6wwUU6FwtXqOzNj - **API Token (Legacy/Limited):** U1UTbBOWA4a69eWEBiqIbYh0etCGzrpTU4XaKp7w - **Permissions:** Zone:Read, Zone:Edit, DNS:Read, DNS:Edit - **Used for:** DNS management, WHM plugin, cf-dns CLI - **Domain:** azcomputerguru.com - **Notes:** New full-access token added 2025-12-19 - **Access Methods:** API --- ## Projects - ClaudeTools ### Database (MariaDB) - **Host:** 172.16.3.30 - **Port:** 3306 - **Database:** claudetools - **User:** claudetools - **Password:** CT_e8fcd5a3952030a79ed6debae6c954ed - **Connection String:** ``` mysql+pymysql://claudetools:CT_e8fcd5a3952030a79ed6debae6c954ed@172.16.3.30:3306/claudetools?charset=utf8mb4 ``` - **Tables:** 38 tables (fully migrated) - **Encryption:** AES-256-GCM for credentials table - **Backup:** Daily automated backups ### Encryption Keys - **Method:** AES-256-GCM (Fernet) - **Key:** 319134ddb79fa44a6751b383cb0a7940da0de0818bd6bbb1a9c20a6a87d2d30c - **File Location:** C:\Users\MikeSwanson\claude-projects\shared-data\.encryption-key - **Generated:** 2026-01-15 - **Key Storage:** Environment variable ENCRYPTION_KEY - **Usage:** Credentials table password encryption, AES-256-GCM encryption for credentials in database - **Warning:** DO NOT COMMIT TO GIT - **Notes:** Never commit encryption key to git ### API Authentication - **Method:** JWT tokens - **Password Hashing:** Argon2 - **Token Endpoint:** POST /api/auth/token - **Token Format:** Bearer token in Authorization header - **JWT Secret:** NdwgH6jsGR1WfPdUwR3u9i1NwNx3QthhLHBsRCfFxcg= - **Example:** ```bash curl -X POST http://172.16.3.30:8001/api/auth/token \ -H "Content-Type: application/x-www-form-urlencoded" \ -d "username=test@example.com&password=testpassword123" ``` --- ## Projects - GuruRMM ### Dashboard/API Login - **Service:** GuruRMM dashboard login - **Email:** admin@azcomputerguru.com - **Password:** GuruRMM2025 - **Role:** admin - **Access Methods:** 
Web ### Database (PostgreSQL) - **Service:** GuruRMM database - **Host:** gururmm-db container (172.16.3.20) OR 172.16.3.30 (build server) - **Port:** 5432 (default) - **Database:** gururmm - **User:** gururmm - **Password:** 43617ebf7eb242e814ca9988cc4df5ad - **Connection:** postgres://gururmm:43617ebf7eb242e814ca9988cc4df5ad@172.16.3.30:5432/gururmm - **Access Methods:** PostgreSQL protocol ### API Server - **External URL:** https://rmm-api.azcomputerguru.com - **Internal URL:** http://172.16.3.20:3001 OR http://172.16.3.30:3001 - **JWT Secret:** ZNzGxghru2XUdBVlaf2G2L1YUBVcl5xH0lr/Gpf/QmE= - **Access Methods:** HTTPS, HTTP (internal) ### Microsoft Entra ID (SSO) - **Service:** GuruRMM SSO via Entra - **App Name:** GuruRMM Dashboard - **App ID (Client ID):** 18a15f5d-7ab8-46f4-8566-d7b5436b84b6 - **Object ID:** 34c80aa8-385a-4bea-af85-f8bf67decc8f - **Client Secret:** gOz8Q~J.oz7KnUIEpzmHOyJ6GEzYNecGRl-Pbc9w - **Secret Expires:** 2026-12-21 - **Sign-in Audience:** Multi-tenant (any Azure AD org) - **Redirect URIs:** https://rmm.azcomputerguru.com/auth/callback, http://localhost:5173/auth/callback - **API Permissions:** openid, email, profile - **Created:** 2025-12-21 - **Access Methods:** OAuth 2.0 ### CI/CD (Build Automation) - **Webhook URL:** http://172.16.3.30/webhook/build - **Webhook Secret:** gururmm-build-secret - **Build Script:** /opt/gururmm/build-agents.sh - **Build Log:** /var/log/gururmm-build.log - **Gitea Webhook ID:** 1 - **Trigger:** Push to main branch - **Builds:** Linux (x86_64) and Windows (x86_64) agents - **Deploy Path:** /var/www/gururmm/downloads/ - **GuruConnect Static Files:** /home/guru/guru-connect/server/static/ - **GuruConnect Binary:** /home/guru/guru-connect/target/release/guruconnect-server - **Access Methods:** Webhook ### Build Server SSH Key (for Gitea) - **Key Name:** gururmm-build-server - **Key Type:** ssh-ed25519 - **Public Key:** AAAAC3NzaC1lZDI1NTE5AAAAIKSqf2/phEXUK8vd5GhMIDTEGSk0LvYk92sRdNiRrjKi guru@gururmm-build - 
**Added to:** Gitea (azcomputerguru account) - **Access Methods:** SSH key authentication ### Clients & Sites #### Glaztech Industries (GLAZ) - **Client ID:** d857708c-5713-4ee5-a314-679f86d2f9f9 - **Site:** SLC - Salt Lake City - **Site ID:** 290bd2ea-4af5-49c6-8863-c6d58c5a55de - **Site Code:** DARK-GROVE-7839 - **API Key:** grmm_Qw64eawPBjnMdwN5UmDGWoPlqwvjM7lI - **Created:** 2025-12-18 - **Access Methods:** API #### AZ Computer Guru (Internal) - **Site Code:** SWIFT-CLOUD-6910 --- ## Projects - GuruConnect ### Database (PostgreSQL on build server) - **Service:** GuruConnect database - **Host:** localhost (172.16.3.30) - **Port:** 5432 - **Database:** guruconnect - **User:** guruconnect - **Password:** gc_a7f82d1e4b9c3f60 - **DATABASE_URL:** postgres://guruconnect:gc_a7f82d1e4b9c3f60@localhost:5432/guruconnect - **Created:** 2025-12-28 - **Access Methods:** PostgreSQL protocol --- ## Projects - Dataforth DOS ### Update Workflow - **Admin Deposits:** \\AD2\test\COMMON\ (on AD2) - **Sync Mechanism:** AD2 scheduled task (C:\Shares\test\scripts\Sync-FromNAS.ps1) - **DOS Pull:** T:\COMMON\ (from D2TESTNAS) - **Backup Target:** T:\%MACHINE%\BACKUP\ ### Key Files - **UPDATE.BAT:** Machine backup utility (runs on DOS) - v2.0 on T:\UPDATE.BAT - **NWTOC.BAT:** Network to Computer updates - **CTONW.BAT:** Computer to Network uploads - **STAGE.BAT:** System file staging for reboot - **REBOOT.BAT:** Auto-generated, applies staged updates - **AUTOEXEC.BAT:** DOS startup, sets %MACHINE% variable - **CONFIG.SYS:** DOS system configuration - **STARTNET.BAT:** Network stack initialization ### Folder Structure ``` \\AD2\test\ ├── COMMON\ # Shared updates for all machines │ ├── DOS\ # System files (AUTOEXEC.NEW, CONFIG.NEW) │ ├── ProdSW\ # Production software updates │ └── NewSW\ # New software distributions └── TS-XX\ # Individual machine folders └── Backup\ # Machine-specific backups ``` --- ## Client - MVAN Inc ### Microsoft 365 Tenant 1 - **Service:** M365 tenant - **Tenant:** 
mvan.onmicrosoft.com - **Admin User:** sysadmin@mvaninc.com - **Password:** r3tr0gradE99# - **Notes:** Global admin, project to merge/trust with T2 - **Access Methods:** Web (M365 portal) --- ## Client - BG Builders LLC ### Microsoft 365 Tenant - **Service:** M365 tenant - **Tenant:** bgbuildersllc.com - **CIPP Name:** sonorangreenllc.com - **Tenant ID:** ededa4fb-f6eb-4398-851d-5eb3e11fab27 - **onmicrosoft.com:** sonorangreenllc.onmicrosoft.com - **Admin User:** sysadmin@bgbuildersllc.com - **Password:** Window123!@#-bgb - **Added:** 2025-12-19 - **Licenses:** - 8x Microsoft 365 Business Standard - 4x Exchange Online Plan 1 - 1x Microsoft 365 Basic - **Security Gap:** No advanced security features (no conditional access, Intune, or Defender) - **Recommendation:** Upgrade to Business Premium - **Access Methods:** Web (M365 portal) ### Email Security (Configured 2025-12-19) | Record | Status | Details | |--------|--------|---------| | SPF | ✅ | `v=spf1 include:spf.protection.outlook.com -all` | | DMARC | ✅ | `v=DMARC1; p=reject; rua=mailto:sysadmin@bgbuildersllc.com` | | DKIM selector1 | ✅ | CNAME to selector1-bgbuildersllc-com._domainkey.sonorangreenllc.onmicrosoft.com | | DKIM selector2 | ✅ | CNAME to selector2-bgbuildersllc-com._domainkey.sonorangreenllc.onmicrosoft.com | | MX | ✅ | bgbuildersllc-com.mail.protection.outlook.com | ### Security Investigation (2025-12-22) - RESOLVED - **Compromised User:** Shelly@bgbuildersllc.com (Shelly Dooley) - **Symptoms:** Suspicious sent items reported by user - **Findings:** - Gmail OAuth app with EAS.AccessAsUser.All (REMOVED) - "P2P Server" app registration backdoor (DELETED by admin) - No malicious mailbox rules or forwarding - Sign-in logs unavailable (no Entra P1 license) - **Remediation:** - Password reset: `5ecwyHv6&dP7` (must change on login) - All sessions revoked - Gmail OAuth consent removed - P2P Server backdoor deleted - **Status:** RESOLVED ### Cloudflare - **Zone ID:** 156b997e3f7113ddbd9145f04aadb2df - 
**Nameservers:** amir.ns.cloudflare.com, mckinley.ns.cloudflare.com
- **A Records:** 3.33.130.190, 15.197.148.33 (proxied) - GoDaddy Website Builder

---

## Client - Sonoran Green LLC

### Status

**Active** - Related entity to BG Builders LLC (same M365 tenant)

### Company Information

- **Domain:** sonorangreenllc.com
- **Primary Entity:** BG Builders LLC

### Microsoft 365

- **Tenant:** Shared with BG Builders LLC (ededa4fb-f6eb-4398-851d-5eb3e11fab27)
- **onmicrosoft.com:** sonorangreenllc.onmicrosoft.com

### DNS Configuration

#### Current Status

- **Nameservers:** Still on GoDaddy (not migrated to Cloudflare)
- **A Record:** 172.16.10.200 (private IP - problematic)
- **Email Records:** Properly configured for M365

#### Needed Records (Not Yet Applied)

- DMARC: `v=DMARC1; p=reject; rua=mailto:sysadmin@bgbuildersllc.com`
- DKIM selector1: CNAME to selector1-sonorangreenllc-com._domainkey.sonorangreenllc.onmicrosoft.com
- DKIM selector2: CNAME to selector2-sonorangreenllc-com._domainkey.sonorangreenllc.onmicrosoft.com

---

## Client - CW Concrete LLC

### Microsoft 365 Tenant

- **Service:** M365 tenant
- **Tenant:** cwconcretellc.com
- **CIPP Name:** cwconcretellc.com
- **Tenant ID:** dfee2224-93cd-4291-9b09-6c6ce9bb8711
- **Default Domain:** NETORGFT11452752.onmicrosoft.com
- **Notes:** De-federated from GoDaddy 2025-12, domain needs re-verification
- **Licenses:**
  - 2x Microsoft 365 Business Standard
  - 2x Exchange Online Essentials
- **Security Gap:** No advanced security features
- **Recommendation:** Upgrade to Business Premium for Intune, conditional access, Defender
- **Access Methods:** Web (M365 portal)

### Security Investigation (2025-12-22) - RESOLVED

- **Findings:**
  - Graph Command Line Tools OAuth consent with high privileges (REMOVED)
  - "test" backdoor app registration with multi-tenant access (DELETED)
  - Apple Internet Accounts OAuth (left - likely iOS device)
  - No malicious mailbox rules or forwarding
- **Remediation:**
  - All sessions revoked for all 4
users - Backdoor apps removed - **Status:** RESOLVED --- ## Client - Dataforth ### Network - **Subnet:** 192.168.0.0/24 - **Domain:** INTRANET (intranet.dataforth.com) ### Microsoft 365 #### Tenant Information - **Tenant ID:** 7dfa3ce8-c496-4b51-ab8d-bd3dcd78b584 - **Admin:** sysadmin@dataforth.com / Paper123!@# (synced with AD) #### Entra App Registration (Claude-Code-M365) - **Purpose:** Silent Graph API access for automation - **App ID:** 7a8c0b2e-57fb-4d79-9b5a-4b88d21b1f29 - **Client Secret:** tXo8Q~ZNG9zoBpbK9HwJTkzx.YEigZ9AynoSrca3 - **Created:** 2025-12-22 - **Expires:** 2027-12-22 - **Permissions:** Calendars.ReadWrite, Contacts.ReadWrite, User.ReadWrite.All, Mail.ReadWrite, Directory.ReadWrite.All, Group.ReadWrite.All, Sites.ReadWrite.All, Files.ReadWrite.All, Reports.Read.All, AuditLog.Read.All, Application.ReadWrite.All, Device.ReadWrite.All, SecurityEvents.Read.All, IdentityRiskEvent.Read.All, Policy.Read.All, RoleManagement.ReadWrite.Directory ### NPS RADIUS Configuration - **Server:** 192.168.0.27 (AD1) - **Port:** 1812/UDP (auth), 1813/UDP (accounting) - **Shared Secret:** Gptf*77ttb!@#!@# - **RADIUS Client:** unifi (192.168.0.254) - **Network Policy:** Unifi - allows Domain Users 24/7 - **Auth Methods:** All (PAP, CHAP, MS-CHAP, MS-CHAPv2, EAP) - **AuthAttributeRequired:** False (required for UniFi OpenVPN) ### OpenVPN Routes (Split Tunnel) - 192.168.0.0/24 - 192.168.1.0/24 - 192.168.4.0/24 - 192.168.100.0/24 - 192.168.200.0/24 - 192.168.201.0/24 --- ## Client - Valley Wide Plastering (VWP) ### Network - **Subnet:** 172.16.9.0/24 ### UDM (UniFi Dream Machine) - **IP:** 172.16.9.1 - **SSH User:** root - **SSH Password:** Gptf*77ttb123!@#-vwp - **Role:** Gateway/firewall, VPN server, RADIUS client - **Access Methods:** SSH, Web ### VWP-DC1 (Domain Controller) - **IP:** 172.16.9.2 - **Hostname:** VWP-DC1.VWP.US - **Domain:** VWP.US (NetBIOS: VWP) - **SSH:** sysadmin / r3tr0gradE99# - **Role:** Primary DC, NPS/RADIUS server - **Added:** 2025-12-22 - 
**Access Methods:** RDP, WinRM ### NPS RADIUS Configuration - **RADIUS Server:** 172.16.9.2 - **RADIUS Ports:** 1812 (auth), 1813 (accounting) - **Clients:** UDM (172.16.9.1), VWP-Subnet (172.16.9.0/24) - **Shared Secret:** Gptf*77ttb123!@#-radius - **Policy:** "VPN-Access" - allows all authenticated users (24/7) - **Auth Methods:** All (PAP, CHAP, MS-CHAP, MS-CHAPv2, EAP) - **User Dial-in:** All VWP_Users set to Allow - **AuthAttributeRequired:** Disabled on clients - **Tested:** 2025-12-22, user cguerrero authenticated successfully - **Access Methods:** RADIUS protocol - **AD Structure:** - Users OU: OU=VWP_Users,DC=VWP,DC=US - Users with VPN Access (27 total): Darv, marreola, farias, smontigo, truiz, Tcapio, bgraffin, cguerrero, tsmith, tfetters, owner, cougar, Receptionist, Isacc, Traci, Payroll, Estimating, ARBilling, orders2, guru, sdooley, jguerrero, kshoemaker, rose, rguerrero, jrguerrero, Acctpay --- ## Client - Khalsa ### Network - **Subnet:** 172.16.50.0/24 ### UCG (UniFi Cloud Gateway) - **IP:** 172.16.50.1 - **SSH User:** azcomputerguru - **SSH Password:** Paper123!@#-camden (reset 2025-12-22) - **Notes:** Gateway/firewall, VPN server, SSH key added but not working - **Access Methods:** SSH, Web ### Switch - **User:** 8WfY8 - **Password:** tI3evTNBZMlnngtBc - **Access Methods:** Web ### Accountant Machine - **IP:** 172.16.50.168 - **User:** accountant - **Password:** Paper123!@#-accountant - **Local Admin:** localadmin / r3tr0gradE99! - **Added:** 2025-12-22 - **Notes:** VPN routing issue, RDP enabled - **Access Methods:** RDP --- ## Client - Scileppi Law Firm ### DS214se (Source NAS - Migration Source - POWERED OFF) - **Service:** Legacy NAS (source) - **IP:** 172.16.1.54 - **SSH User:** admin - **Password:** Th1nk3r^99 - **Storage:** 1.8TB (1.6TB used) - **Data:** User home folders (admin, Andrew Ross, Chris Scileppi, Samantha Nunez, etc.) 
- **Status:** Powered off after migration 2025-12-27 - **Access Methods:** SSH, Web ### Unraid (Source - Migration - POWERED OFF) - **Service:** Legacy Unraid (source) - **IP:** 172.16.1.21 - **SSH User:** root - **Password:** Th1nk3r^99 - **Role:** Data source for migration to RS2212+ - **Data:** /mnt/user/Scileppi (5.2TB) - Active: 1.4TB - Archived: 451GB - Billing: 17MB - Closed: 3.0TB - **Status:** Powered off after migration 2025-12-27 - **Access Methods:** SSH, Web ### RS2212+ (Destination NAS) - **Service:** Primary NAS (destination) - **IP:** 172.16.1.59 - **Hostname:** SL-SERVER - **SSH User:** sysadmin - **Password:** Gptf*77ttb123!@#-sl-server - **SSH Key:** claude-code@localadmin added to authorized_keys - **Storage:** 25TB total, 6.9TB used (28%) - **Data Share:** /volume1/Data (7.9TB - Active, Closed, Archived, Billing, MOTIONS BANK) - **Notes:** Migration and consolidation complete 2025-12-29 - **Access Methods:** SSH (key + password), Web, SMB ### RS2212+ User Accounts (Created 2025-12-29) | Username | Full Name | Password | Notes | |----------|-----------|----------|-------| | chris | Chris Scileppi | Scileppi2025! | Owner | | andrew | Andrew Ross | Scileppi2025! | Staff | | sylvia | Sylvia | Scileppi2025! | Staff | | rose | Rose | Scileppi2025! 
| Staff | | (TBD) | 5th user | - | Name pending | ### Migration/Consolidation Status - COMPLETE - **Completed:** 2025-12-29 - **Final Structure:** - Active: 2.5TB (merged Unraid + DS214se Open Cases) - Closed: 4.9TB (merged Unraid + DS214se Closed Cases) - Archived: 451GB - MOTIONS BANK: 21MB - Billing: 17MB - **Recycle Bin:** Emptied (recovered 413GB) - **Permissions:** Group "users" with 775 on /volume1/Data --- ## Client - heieck.org ### Microsoft 365 Migration - **Microsoft 365 Tenant:** heieckorg.onmicrosoft.com - **Admin User:** sysadmin@heieck.org - **Mailboxes:** - sheila@heieck.org (0.66 GB, 10,490 items) - jjh@heieck.org (2.39 GB, 31,463 items) - Passwords: Gptf*77ttb## (Exchange) ### Azure Storage (PST Import) - **Storage Account:** heieckimport - **Resource Group:** heieckimport_group - **Location:** East US - **Container:** pstimport - **SAS Token:** (expired 2026-01-22) - **Uploaded Files:** sheila.pst, jjh.pst (3.05 GB total) ### DNS Configuration (IX Server) **heieck.org zone:** - MX: 0 heieck-org.mail.protection.outlook.com - TXT (SPF): v=spf1 include:spf.protection.outlook.com -all - TXT (Verification): MS=ms31330906 - CNAME (autodiscover): autodiscover.outlook.com --- ## Client Sites - WHM/cPanel ### IX Server (ix.azcomputerguru.com) - **Service:** cPanel/WHM hosting server - **SSH Host:** ix.azcomputerguru.com - **Internal IP:** 172.16.3.10 (VPN required) - **SSH User:** root - **SSH Password:** Gptf*77ttb!@#!@# - **SSH Key:** guru@wsl key added to authorized_keys - **Role:** cPanel/WHM server hosting client sites - **Access Methods:** SSH, cPanel/WHM web ### data.grabbanddurando.com - **Service:** Client website (Grabb & Durando Law) - **Server:** IX (ix.azcomputerguru.com) - **cPanel Account:** grabblaw - **Site Path:** /home/grabblaw/public_html/data_grabbanddurando - **Site Admin User:** admin - **Site Admin Password:** GND-Paper123!@#-datasite - **Database:** grabblaw_gdapp_data - **DB User:** grabblaw_gddata - **DB Password:** 
GrabbData2025 - **Config File:** /home/grabblaw/public_html/data_grabbanddurando/connection.php - **Backups:** /home/grabblaw/public_html/data_grabbanddurando/backups_mariadb_fix/ - **Access Methods:** Web (admin), MySQL, SSH (via IX root) --- ## MSP Tools ### Syncro (PSA/RMM) - AZ Computer Guru - **Service:** PSA/RMM platform - **API Key:** T259810e5c9917386b-52c2aeea7cdb5ff41c6685a73cebbeb3 - **Subdomain:** computerguru - **API Base URL:** https://computerguru.syncromsp.com/api/v1 - **API Docs:** https://api-docs.syncromsp.com/ - **Account:** AZ Computer Guru MSP - **Added:** 2025-12-18 - **Customers:** 5,064 (29 duplicates found) - **Access Methods:** API ### Autotask (PSA) - AZ Computer Guru - **Service:** PSA platform - **API Username:** dguyqap2nucge6r@azcomputerguru.com - **API Password:** z*6G4fT#oM~8@9Hxy$2Y7K$ma - **API Integration Code:** HYTYYZ6LA5HB5XK7IGNA7OAHQLH - **Integration Name:** ClaudeAPI - **API Zone:** webservices5.autotask.net - **API Docs:** https://autotask.net/help/developerhelp/Content/APIs/REST/REST_API_Home.htm - **Account:** AZ Computer Guru MSP - **Added:** 2025-12-18 - **Notes:** New API user "Claude API" - **Companies:** 5,499 (19 exact duplicates, 30+ near-duplicates) - **Access Methods:** REST API ### CIPP (CyberDrain Improved Partner Portal) - **Service:** M365 management portal - **URL:** https://cippcanvb.azurewebsites.net - **Tenant ID:** ce61461e-81a0-4c84-bb4a-7b354a9a356d - **API Client Name:** ClaudeCipp2 (working) - **App ID (Client ID):** 420cb849-542d-4374-9cb2-3d8ae0e1835b - **Client Secret:** MOn8Q~otmxJPLvmL~_aCVTV8Va4t4~SrYrukGbJT - **Scope:** api://420cb849-542d-4374-9cb2-3d8ae0e1835b/.default - **CIPP-SAM App ID:** 91b9102d-bafd-43f8-b17a-f99479149b07 - **IP Range:** 0.0.0.0/0 (all IPs allowed) - **Auth Method:** OAuth 2.0 Client Credentials - **Updated:** 2025-12-23 - **Notes:** Working API client - **Access Methods:** REST API (OAuth 2.0) #### CIPP API Usage (Bash) ```bash # Get token ACCESS_TOKEN=$(curl -s -X 
POST "https://login.microsoftonline.com/ce61461e-81a0-4c84-bb4a-7b354a9a356d/oauth2/v2.0/token" \ -d "client_id=420cb849-542d-4374-9cb2-3d8ae0e1835b" \ -d "client_secret=MOn8Q~otmxJPLvmL~_aCVTV8Va4t4~SrYrukGbJT" \ -d "scope=api://420cb849-542d-4374-9cb2-3d8ae0e1835b/.default" \ -d "grant_type=client_credentials" | python3 -c "import sys, json; print(json.load(sys.stdin).get('access_token', ''))") # Query endpoints (use tenant domain or tenant ID as TenantFilter) curl -s "https://cippcanvb.azurewebsites.net/api/ListLicenses?TenantFilter=sonorangreenllc.com" \ -H "Authorization: Bearer ${ACCESS_TOKEN}" ``` #### Old CIPP API Client (DO NOT USE) - **App ID:** d545a836-7118-44f6-8852-d9dd64fb7bb9 - **Status:** Authenticated but all endpoints returned 403 ### Claude-MSP-Access (Multi-Tenant Graph API) - **Service:** Direct Graph API access for M365 investigations - **Tenant ID:** ce61461e-81a0-4c84-bb4a-7b354a9a356d - **App ID (Client ID):** fabb3421-8b34-484b-bc17-e46de9703418 - **Client Secret:** ~QJ8Q~NyQSs4OcGqHZyPrA2CVnq9KBfKiimntbMO - **Secret Expires:** 2026-12 (24 months) - **Sign-in Audience:** Multi-tenant (any Entra ID org) - **Purpose:** Direct Graph API access for M365 investigations and remediation - **Admin Consent URL:** https://login.microsoftonline.com/common/adminconsent?client_id=fabb3421-8b34-484b-bc17-e46de9703418&redirect_uri=https://login.microsoftonline.com/common/oauth2/nativeclient - **Permissions:** User.ReadWrite.All, Directory.ReadWrite.All, Mail.ReadWrite, MailboxSettings.ReadWrite, AuditLog.Read.All, Application.ReadWrite.All, DelegatedPermissionGrant.ReadWrite.All, Group.ReadWrite.All, SecurityEvents.ReadWrite.All, AppRoleAssignment.ReadWrite.All, UserAuthenticationMethod.ReadWrite.All - **Created:** 2025-12-29 - **Access Methods:** Graph API (OAuth 2.0) #### Usage (Python) ```python import requests tenant_id = "CUSTOMER_TENANT_ID" # or use 'common' after consent client_id = "fabb3421-8b34-484b-bc17-e46de9703418" client_secret = 
"~QJ8Q~NyQSs4OcGqHZyPrA2CVnq9KBfKiimntbMO" # Get token token_resp = requests.post( f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token", data={ "client_id": client_id, "client_secret": client_secret, "scope": "https://graph.microsoft.com/.default", "grant_type": "client_credentials" } ) access_token = token_resp.json()["access_token"] # Query Graph API headers = {"Authorization": f"Bearer {access_token}"} users = requests.get("https://graph.microsoft.com/v1.0/users", headers=headers) ``` --- ## Tailscale Network | Tailscale IP | Hostname | Owner | OS | Notes | |--------------|----------|-------|-----|-------| | 100.79.69.82 | pfsense-1 | mike@ | freebsd | Gateway (alternate: 100.119.153.74 pfsense-2) | | 100.125.36.6 | acg-m-l5090 | mike@ | windows | Workstation | | 100.92.230.111 | acg-tech-01l | mike@ | windows | Tech laptop | | 100.96.135.117 | acg-tech-02l | mike@ | windows | Tech laptop | | 100.113.45.7 | acg-tech03l | howard@ | windows | Tech laptop | | 100.77.166.22 | desktop-hjfjtep | mike@ | windows | Desktop | | 100.101.145.100 | guru-legion9 | mike@ | windows | Laptop | | 100.119.194.51 | guru-surface8 | howard@ | windows | Surface | | 100.66.103.110 | magus-desktop | rob@ | windows | Desktop | | 100.66.167.120 | magus-pc | rob@ | windows | Workstation | --- ## SSH Public Keys ### guru@wsl (Windows/WSL) - **User:** guru - **Sudo Password:** Window123!@#-wsl - **Key Type:** ssh-ed25519 - **Public Key:** AAAAC3NzaC1lZDI1NTE5AAAAIAWY+SdqMHJP5JOe3qpWENQZhXJA4tzI2d7ZVNAwA/1u guru@wsl - **Usage:** WSL SSH authentication - **Authorized on:** GuruRMM build server, IX server, Jupiter, Saturn ### azcomputerguru@local (Mac) - **User:** azcomputerguru - **Key Type:** ssh-ed25519 - **Public Key:** AAAAC3NzaC1lZDI1NTE5AAAAIDrGbr4EwvQ4P3ZtyZW3ZKkuDQOMbqyAQUul2+JE4K4S azcomputerguru@local - **Usage:** Mac SSH authentication - **Authorized on:** GuruRMM build server, IX server ### claude-code@localadmin (Windows) - **Key Type:** ssh-ed25519 - **Public 
Key:** ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIABnQjolTxDtfqOwdDjamK1oyFPiQnaNT/tAgsIHH1Zo - **Authorized On:** pfSense --- ## VPN Access ### Peaceful Spirit VPN (L2TP/IPSec) - **Server IP:** 98.190.129.150 - **Tunnel Type:** L2TP/IPSec - **Pre-Shared Key (PSK):** z5zkNBds2V9eIkdey09Zm6Khil3DAZs8 - **Username:** pst-admin - **Password:** 24Hearts$ - **Connection Name:** Peaceful Spirit VPN - **Purpose:** Remote access to Peaceful Spirit Country Club network - **Authentication:** MS-CHAPv2 with PSK - **Split Tunneling:** Enabled (only CC traffic uses VPN) - **Setup Script:** D:\ClaudeTools\Create-PeacefulSpiritVPN.ps1 - **Quick Setup:** D:\ClaudeTools\VPN_QUICK_SETUP.md **Network Configuration (UniFi Router at CC):** - **Remote Network:** 192.168.0.0/24 - **DNS Server:** 192.168.0.2 - **Gateway:** 192.168.0.10 **Complete Setup (Run as Administrator):** ```powershell # Step 1: Create VPN connection with split tunneling Add-VpnConnection -Name "Peaceful Spirit VPN" -ServerAddress "98.190.129.150" -TunnelType L2tp -L2tpPsk "z5zkNBds2V9eIkdey09Zm6Khil3DAZs8" -AuthenticationMethod MsChapv2 -EncryptionLevel Required -AllUserConnection -RememberCredential -SplitTunneling $true # Step 2: Add route for CC network (192.168.0.0/24) Add-VpnConnectionRoute -ConnectionName "Peaceful Spirit VPN" -DestinationPrefix "192.168.0.0/24" -AllUserConnection # Step 3: Configure DNS server Set-DnsClientServerAddress -InterfaceAlias "Peaceful Spirit VPN" -ServerAddresses "192.168.0.2" # Step 4: Save credentials for pre-login access rasdial "Peaceful Spirit VPN" "pst-admin" "24Hearts$" rasdial "Peaceful Spirit VPN" /disconnect # Step 5: Enable pre-login VPN Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name "UseRasCredentials" -Value 1 -Type DWord ``` **Quick Connect:** ```powershell rasdial "Peaceful Spirit VPN" ``` **Disconnect:** ```powershell rasdial "Peaceful Spirit VPN" /disconnect ``` --- ## Connection Testing ### Test Database Connection ```bash 
mysql -h 172.16.3.30 -u claudetools -p claudetools # Password: CT_e8fcd5a3952030a79ed6debae6c954ed ``` ### Test API Connectivity ```bash curl http://172.16.3.30:8001/api/health ``` ### Test Gitea SSH ```bash ssh -p 2222 git@172.16.3.20 # Should return: "Hi there! You've successfully authenticated..." ``` ### Test AD2 Access (from Dataforth network) ```cmd net use T: \\192.168.0.6\test /user:INTRANET\sysadmin Paper123!@# ``` ### Test NAS Access (from Dataforth network) ```cmd net use T: \\192.168.0.9\test ``` --- ## Security Notes - **Never commit this file to public repositories** - **Credentials are stored unredacted for context recovery** - **ClaudeTools encrypts credentials in database with AES-256-GCM** - **JWT tokens expire after configured duration** - **SSH keys required for Gitea access (ed25519)** - **Dataforth network is isolated (192.168.0.0/24)** - **AD2 has SMB1 disabled for security (post crypto-attack)** - **All production credentials should be rotated regularly** --- ## Context Recovery Usage When a new Claude session starts or context is lost: 1. **Read this file first** - Get all credentials and infrastructure details 2. **Check session-logs/** - Find recent work and decisions 3. **Read SESSION_STATE.md** - Get project status and phase 4. **Read .claude/claude.md** - Get project overview This ensures full context recovery without asking user for information already documented.
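
The "never commit this file" rule in the Security Notes can be enforced mechanically. As an added example (not part of the original file or of ClaudeTools), this pre-commit style check flags populated `**Label:** value` credential fields in this document's layout without echoing the values; the label list, the placeholder convention and the sample text are assumptions constructed for the example.

```python
import re
import sys

# Labels that mark a field as a credential (assumed list; extend for your files).
SENSITIVE = re.compile(r"password|secret|psk|api key|token", re.IGNORECASE)
# A "**Label:** value" field; the value ends at the next " - **" item, a heading, or end of line.
FIELD = re.compile(
    r"\*\*(?P<label>[^*:]+):\*\*[ \t]*(?P<value>.*?)(?=\s-\s\*\*|\s#{2,4}\s|$)",
    re.MULTILINE,
)
# Values that are clearly not live secrets: empty, "<REDACTED>", "(see vault)".
PLACEHOLDER = re.compile(r"|[(<].*[)>]")


def find_secret_fields(text):
    """Return (line_number, label, value_length) for each populated credential field."""
    findings = []
    for m in FIELD.finditer(text):
        label, value = m.group("label").strip(), m.group("value").strip()
        if SENSITIVE.search(label) and not PLACEHOLDER.fullmatch(value):
            line_no = text.count("\n", 0, m.start()) + 1
            findings.append((line_no, label, len(value)))  # never keep the value itself
    return findings


def main(paths):
    """Exit status 1 if any file still holds a populated credential field."""
    blocked = False
    for path in paths:
        with open(path, encoding="utf-8") as fh:
            for line_no, label, length in find_secret_fields(fh.read()):
                print(f"{path}:{line_no}: '{label}' holds a {length}-character value")
                blocked = True
    return 1 if blocked else 0


# Constructed sample in the same field layout (values are made up for this example).
SAMPLE = (
    "### Example Host - **Host:** 192.0.2.10 - **SSH Password:** not-a-real-pass "
    "- **Key Type:** ssh-ed25519\n"
    "- **SAS Token:** (expired)\n"
    "- **Client Secret:** <REDACTED>\n"
    "- **API Key:** constructed-key-000\n"
)

if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it from a Git pre-commit hook with the staged Markdown paths as arguments; a non-zero exit blocks the commit. It covers list fields only, so passwords in table cells or inside fenced commands need a separate rule.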