# Credentials & Authorization Reference
**Last Updated:** 2025-12-16
**Purpose:** Centralized credentials for Claude Code context recovery across all machines

---

## Infrastructure - SSH Access

### Jupiter (Unraid Primary)
- **Host:** 172.16.3.20
- **User:** root
- **Port:** 22
- **Password:** Th1nk3r^99##
- **WebUI Password:** Th1nk3r^99##
- **Role:** Primary container host (Gitea, NPM, GuruRMM, media)
- **iDRAC IP:** 172.16.1.73 (DHCP)
- **iDRAC User:** root
- **iDRAC Password:** Window123!@#-idrac
- **iDRAC SSH:** Enabled (port 22)
- **IPMI Key:** All zeros

### Saturn (Unraid Secondary)
- **Host:** 172.16.3.21
- **User:** root
- **Port:** 22
- **Password:** r3tr0gradE99
- **Role:** Migration source, being consolidated to Jupiter

### pfSense (Firewall)
- **Host:** 172.16.0.1
- **User:** admin
- **Port:** 2248
- **Password:** r3tr0gradE99!!
- **Role:** Firewall, Tailscale gateway
- **Tailscale IP:** 100.79.69.82 (pfsense-1)

### OwnCloud VM (on Jupiter)
- **Host:** 172.16.3.22
- **Hostname:** cloud.acghosting.com
- **User:** root
- **Port:** 22
- **Password:** Paper123!@#-unifi!
- **OS:** Rocky Linux 9.6
- **Role:** OwnCloud file sync server
- **Services:** Apache, MariaDB, PHP-FPM, Redis, Datto RMM agents
- **Storage:** SMB mount from Jupiter (/mnt/user/OwnCloud)
- **Note:** Jupiter has SSH key auth configured

### GuruRMM Build Server
- **Host:** 172.16.3.30
- **Hostname:** gururmm
- **User:** guru
- **Port:** 22
- **Password:** Gptf*77ttb123!@#-rmm
- **Sudo Password:** Gptf*77ttb123!@#-rmm (special chars cause issues with sudo -S)
- **OS:** Ubuntu 22.04
- **Role:** GuruRMM/GuruConnect dedicated server (API, DB, Dashboard, Downloads, GuruConnect relay)
- **Services:** nginx, PostgreSQL, gururmm-server, gururmm-agent, guruconnect-server
- **SSH Key Auth:** ✅ Working from Windows/WSL (ssh guru@172.16.3.30)
- **Service Restart Method:** Services run as guru user, so `pkill` works without sudo. Deploy pattern:
  1. Build: `cargo build --release --target x86_64-unknown-linux-gnu -p `
  2. Rename old: `mv target/release/binary target/release/binary.old`
  3. Copy new: `cp target/x86_64.../release/binary target/release/binary`
  4. Kill old: `pkill -f binary.old` (systemd auto-restarts)
- **GuruConnect:** Static files in /home/guru/guru-connect/server/static/
- **GuruConnect Startup:** `~/guru-connect/start-server.sh` (ALWAYS use this, kills old process and uses correct binary path)
- **GuruConnect Binary:** /home/guru/guru-connect/target/x86_64-unknown-linux-gnu/release/guruconnect-server

---

## Services - Web Applications

### Gitea (Git Server)
- **URL:** https://git.azcomputerguru.com/
- **Internal:** http://172.16.3.20:3000
- **SSH:** ssh://git@172.16.3.20:2222
- **User:** mike@azcomputerguru.com
- **Password:** Window123!@#-git
- **API Token:** 9b1da4b79a38ef782268341d25a4b6880572063f

### NPM (Nginx Proxy Manager)
- **Admin URL:** http://172.16.3.20:7818
- **HTTP Port:** 1880
- **HTTPS Port:** 18443
- **User:** mike@azcomputerguru.com
- **Password:** Paper123!@#-unifi

### Cloudflare
- **API Token (Full DNS):** DRRGkHS33pxAUjQfRDzDeVPtt6wwUU6FwtXqOzNj
- **API Token (Legacy/Limited):** U1UTbBOWA4a69eWEBiqIbYh0etCGzrpTU4XaKp7w
- **Permissions:** Zone:Read, Zone:Edit, DNS:Read, DNS:Edit
- **Used for:** DNS management, WHM plugin, cf-dns CLI
- **Domain:** azcomputerguru.com
- **Notes:** New full-access token added 2025-12-19

---

## Projects - GuruRMM

### Dashboard/API Login
- **Email:** admin@azcomputerguru.com
- **Password:** GuruRMM2025
- **Role:** admin

### Database (PostgreSQL)
- **Host:** gururmm-db container (172.16.3.20)
- **Database:** gururmm
- **User:** gururmm
- **Password:** 43617ebf7eb242e814ca9988cc4df5ad

---

## Projects - GuruConnect

### Dashboard Login
- **URL:** https://connect.azcomputerguru.com/login
- **Username:** admin
- **Password:** uwYmX6aygmJ@ZGqv
- **Role:** admin
- **Created:** 2025-12-29

### Database (PostgreSQL on build server)
- **Host:** localhost (172.16.3.30)
- **Port:** 5432
- **Database:** guruconnect
- **User:** guruconnect
- **Password:** gc_a7f82d1e4b9c3f60
- **DATABASE_URL:** `postgres://guruconnect:gc_a7f82d1e4b9c3f60@localhost:5432/guruconnect`
- **Created:** 2025-12-28

---

## Projects - GuruRMM (continued)

### API Server
- **External URL:** https://rmm-api.azcomputerguru.com
- **Internal URL:** http://172.16.3.20:3001
- **JWT Secret:** ZNzGxghru2XUdBVlaf2G2L1YUBVcl5xH0lr/Gpf/QmE=

### Microsoft Entra ID (SSO)
- **App Name:** GuruRMM Dashboard
- **App ID (Client ID):** 18a15f5d-7ab8-46f4-8566-d7b5436b84b6
- **Object ID:** 34c80aa8-385a-4bea-af85-f8bf67decc8f
- **Client Secret:** gOz8Q~J.oz7KnUIEpzmHOyJ6GEzYNecGRl-Pbc9w
- **Secret Expires:** 2026-12-21
- **Sign-in Audience:** Multi-tenant (any Azure AD org)
- **Redirect URIs:** https://rmm.azcomputerguru.com/auth/callback, http://localhost:5173/auth/callback
- **API Permissions:** openid, email, profile
- **Notes:** Created 2025-12-21 for GuruRMM SSO

### CI/CD (Build Automation)
- **Webhook URL:** http://172.16.3.30/webhook/build
- **Webhook Secret:** gururmm-build-secret
- **Build Script:** /opt/gururmm/build-agents.sh
- **Build Log:** /var/log/gururmm-build.log
- **Gitea Webhook ID:** 1
- **Trigger:** Push to main branch
- **Builds:** Linux (x86_64) and Windows (x86_64) agents
- **Deploy Path:** /var/www/gururmm/downloads/

### Build Server SSH Key (for Gitea)
- **Key Name:** gururmm-build-server
- **Public Key:**
```
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKSqf2/phEXUK8vd5GhMIDTEGSk0LvYk92sRdNiRrjKi guru@gururmm-build
```
- **Added to:** Gitea (azcomputerguru account)

### Clients & Sites
#### Glaztech Industries (GLAZ)
- **Client ID:** d857708c-5713-4ee5-a314-679f86d2f9f9
- **Site:** SLC - Salt Lake City
- **Site ID:** 290bd2ea-4af5-49c6-8863-c6d58c5a55de
- **Site Code:** DARK-GROVE-7839
- **API Key:** grmm_Qw64eawPBjnMdwN5UmDGWoPlqwvjM7lI
- **Created:** 2025-12-18

---

## Client Sites - WHM/cPanel

### IX Server (ix.azcomputerguru.com)
- **SSH Host:** ix.azcomputerguru.com
- **Internal IP:** 172.16.3.10 (VPN required)
- **SSH User:** root
- **SSH Password:** Gptf*77ttb!@#!@#
- **SSH Key:** guru@wsl key added to authorized_keys
- **Role:** cPanel/WHM server hosting client sites

### WebSvr (websvr.acghosting.com)
- **Host:** websvr.acghosting.com
- **SSH User:** root
- **SSH Password:** r3tr0gradE99#
- **API Token:** 8ZPYVM6R0RGOHII7EFF533MX6EQ17M7O
- **Access Level:** Full access
- **Role:** Legacy cPanel/WHM server (migration source to IX)

### data.grabbanddurando.com
- **Server:** IX (ix.azcomputerguru.com)
- **cPanel Account:** grabblaw
- **Site Path:** /home/grabblaw/public_html/data_grabbanddurando
- **Site Admin User:** admin
- **Site Admin Password:** GND-Paper123!@#-datasite
- **Database:** grabblaw_gdapp_data
- **DB User:** grabblaw_gddata
- **DB Password:** GrabbData2025
- **Config File:** /home/grabblaw/public_html/data_grabbanddurando/connection.php
- **Backups:** /home/grabblaw/public_html/data_grabbanddurando/backups_mariadb_fix/

### GoDaddy VPS (Legacy)
- **IP:** 208.109.235.224
- **Hostname:** 224.235.109.208.host.secureserver.net
- **Auth:** SSH key
- **Database:** grabblaw_gdapp
- **Note:** Old server, data migrated to IX

---

## Seafile (on Jupiter - Migrated 2025-12-27)

### Container
- **Host:** Jupiter (172.16.3.20)
- **URL:** https://sync.azcomputerguru.com
- **Port:** 8082 (internal), proxied via NPM
- **Containers:** seafile, seafile-mysql, seafile-memcached, seafile-elasticsearch
- **Docker Compose:** /mnt/user0/SeaFile/DockerCompose/docker-compose.yml
- **Data Path:** /mnt/user0/SeaFile/seafile-data/

### Seafile Admin
- **Email:** mike@azcomputerguru.com
- **Password:** r3tr0gradE99#

### Database (MariaDB)
- **Container:** seafile-mysql
- **Image:** mariadb:10.6
- **Root Password:** db_dev
- **Seafile User:** seafile
- **Seafile Password:** 64f2db5e-6831-48ed-a243-d4066fe428f9
- **Databases:** ccnet_db (users), seafile_db (data), seahub_db (web)

### Elasticsearch
- **Container:** seafile-elasticsearch
- **Image:** elasticsearch:7.17.26
- **Note:** Upgraded from 7.16.2 for kernel 6.12 compatibility

### Microsoft Graph API (Email)
- **Tenant ID:** ce61461e-81a0-4c84-bb4a-7b354a9a356d
- **Client ID:** 15b0fafb-ab51-4cc9-adc7-f6334c805c22
- **Client Secret:** rRN8Q~FPfSL8O24iZthi_LVJTjGOCZG.DnxGHaSk
- **Sender Email:** noreply@azcomputerguru.com
- **Used for:** Seafile email notifications via Graph API

### Migration Notes
- **Migrated from:** Saturn (172.16.3.21) on 2025-12-27
- **Saturn Status:** Seafile stopped, data intact for rollback (keep 1 week)

---

## NPM Proxy Hosts Reference

| ID | Domain | Backend | SSL Cert |
|----|--------|---------|----------|
| 1 | emby.azcomputerguru.com | 172.16.2.99:8096 | npm-1 |
| 2 | git.azcomputerguru.com | 172.16.3.20:3000 | npm-2 |
| 4 | plexrequest.azcomputerguru.com | 172.16.3.31:5055 | npm-4 |
| 5 | rmm-api.azcomputerguru.com | 172.16.3.20:3001 | npm-6 |
| - | unifi.azcomputerguru.com | 172.16.3.28:8443 | npm-5 |
| 8 | sync.azcomputerguru.com | 172.16.3.20:8082 | npm-8 |

---

## Tailscale Network

| Tailscale IP | Hostname | Owner | OS |
|--------------|----------|-------|-----|
| 100.79.69.82 (pfsense-1) | pfsense | mike@ | freebsd |
| 100.125.36.6 | acg-m-l5090 | mike@ | windows |
| 100.92.230.111 | acg-tech-01l | mike@ | windows |
| 100.96.135.117 | acg-tech-02l | mike@ | windows |
| 100.113.45.7 | acg-tech03l | howard@ | windows |
| 100.77.166.22 | desktop-hjfjtep | mike@ | windows |
| 100.101.145.100 | guru-legion9 | mike@ | windows |
| 100.119.194.51 | guru-surface8 | howard@ | windows |
| 100.66.103.110 | magus-desktop | rob@ | windows |
| 100.66.167.120 | magus-pc | rob@ | windows |

---

## SSH Public Keys

### guru@wsl (Windows/WSL)
- **User:** guru
- **Sudo Password:** Window123!@#-wsl
- **SSH Key:**
```
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAWY+SdqMHJP5JOe3qpWENQZhXJA4tzI2d7ZVNAwA/1u guru@wsl
```

### azcomputerguru@local (Mac)
- **User:** azcomputerguru
- **SSH Key:**
```
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDrGbr4EwvQ4P3ZtyZW3ZKkuDQOMbqyAQUul2+JE4K4S azcomputerguru@local
```

---

## Quick Reference Commands

### NPM API Auth
```bash
curl -s -X POST http://172.16.3.20:7818/api/tokens \
  -H "Content-Type: application/json" \
  -d '{"identity":"mike@azcomputerguru.com","secret":"Paper123!@#-unifi"}'
```

### Gitea API
```bash
curl -H "Authorization: token 9b1da4b79a38ef782268341d25a4b6880572063f" \
  https://git.azcomputerguru.com/api/v1/repos/search
```

### GuruRMM Health Check
```bash
curl http://172.16.3.20:3001/health
```

---

## MSP Tools

### Syncro (PSA/RMM) - AZ Computer Guru
- **API Key:** T259810e5c9917386b-52c2aeea7cdb5ff41c6685a73cebbeb3
- **Subdomain:** computerguru
- **API Base URL:** https://computerguru.syncromsp.com/api/v1
- **API Docs:** https://api-docs.syncromsp.com/
- **Account:** AZ Computer Guru MSP
- **Notes:** Added 2025-12-18

### Autotask (PSA) - AZ Computer Guru
- **API Username:** dguyqap2nucge6r@azcomputerguru.com
- **API Password:** z*6G4fT#oM~8@9Hxy$2Y7K$ma
- **API Integration Code:** HYTYYZ6LA5HB5XK7IGNA7OAHQLH
- **Integration Name:** ClaudeAPI
- **API Zone:** webservices5.autotask.net
- **API Docs:** https://autotask.net/help/developerhelp/Content/APIs/REST/REST_API_Home.htm
- **Account:** AZ Computer Guru MSP
- **Notes:** Added 2025-12-18, new API user "Claude API"

### CIPP (CyberDrain Improved Partner Portal)
- **URL:** https://cippcanvb.azurewebsites.net
- **Tenant ID:** ce61461e-81a0-4c84-bb4a-7b354a9a356d
- **API Client Name:** ClaudeCipp2 (working)
- **App ID (Client ID):** 420cb849-542d-4374-9cb2-3d8ae0e1835b
- **Client Secret:** MOn8Q~otmxJPLvmL~_aCVTV8Va4t4~SrYrukGbJT
- **Scope:** api://420cb849-542d-4374-9cb2-3d8ae0e1835b/.default
- **CIPP-SAM App ID:** 91b9102d-bafd-43f8-b17a-f99479149b07
- **IP Range:** 0.0.0.0/0 (all IPs allowed)
- **Auth Method:** OAuth 2.0 Client Credentials
- **Notes:** Updated 2025-12-23, working API client

#### CIPP API Usage (Bash)
```bash
# Get token
ACCESS_TOKEN=$(curl -s -X POST "https://login.microsoftonline.com/ce61461e-81a0-4c84-bb4a-7b354a9a356d/oauth2/v2.0/token" \
  -d "client_id=420cb849-542d-4374-9cb2-3d8ae0e1835b" \
  -d "client_secret=MOn8Q~otmxJPLvmL~_aCVTV8Va4t4~SrYrukGbJT" \
  -d "scope=api://420cb849-542d-4374-9cb2-3d8ae0e1835b/.default" \
  -d "grant_type=client_credentials" | python3 -c "import sys, json; print(json.load(sys.stdin).get('access_token', ''))")

# Query endpoints (use tenant domain or tenant ID as TenantFilter)
curl -s "https://cippcanvb.azurewebsites.net/api/ListLicenses?TenantFilter=sonorangreenllc.com" \
  -H "Authorization: Bearer ${ACCESS_TOKEN}"

# Other useful endpoints:
# ListTenants?AllTenants=true - List all managed tenants
# ListUsers?TenantFilter={tenant} - List users
# ListMailboxRules?TenantFilter={tenant} - Check mailbox rules
# BECCheck?TenantFilter={tenant}&UserID={userid} - BEC investigation
```

#### Old API Client (403 errors - do not use)
- **App ID:** d545a836-7118-44f6-8852-d9dd64fb7bb9
- **Status:** Authenticated but all endpoints returned 403

### Claude-MSP-Access (Multi-Tenant Graph API)
- **Tenant ID:** ce61461e-81a0-4c84-bb4a-7b354a9a356d
- **App ID (Client ID):** fabb3421-8b34-484b-bc17-e46de9703418
- **Client Secret:** ~QJ8Q~NyQSs4OcGqHZyPrA2CVnq9KBfKiimntbMO
- **Secret Expires:** 2026-12 (24 months)
- **Sign-in Audience:** Multi-tenant (any Entra ID org)
- **Purpose:** Direct Graph API access for M365 investigations and remediation
- **Admin Consent URL:** https://login.microsoftonline.com/common/adminconsent?client_id=fabb3421-8b34-484b-bc17-e46de9703418&redirect_uri=https://login.microsoftonline.com/common/oauth2/nativeclient
- **Permissions:** User.ReadWrite.All, Directory.ReadWrite.All, Mail.ReadWrite, MailboxSettings.ReadWrite, AuditLog.Read.All, Application.ReadWrite.All, DelegatedPermissionGrant.ReadWrite.All, Group.ReadWrite.All, SecurityEvents.ReadWrite.All, AppRoleAssignment.ReadWrite.All, UserAuthenticationMethod.ReadWrite.All
- **Created:** 2025-12-29

#### Usage (Python)
```python
import requests

tenant_id = "CUSTOMER_TENANT_ID"  # or use 'common' after consent
client_id = "fabb3421-8b34-484b-bc17-e46de9703418"
client_secret = "~QJ8Q~NyQSs4OcGqHZyPrA2CVnq9KBfKiimntbMO"

# Get token
token_resp = requests.post(
    f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token",
    data={
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
        "grant_type": "client_credentials"
    }
)
access_token = token_resp.json()["access_token"]

# Query Graph API
headers = {"Authorization": f"Bearer {access_token}"}
users = requests.get("https://graph.microsoft.com/v1.0/users", headers=headers)
```

---

## Client - MVAN Inc

### Microsoft 365 Tenant 1
- **Tenant:** mvan.onmicrosoft.com
- **Admin User:** sysadmin@mvaninc.com
- **Password:** r3tr0gradE99#
- **Notes:** Global admin, project to merge/trust with T2

---

## Client - BG Builders LLC

### Microsoft 365 Tenant
- **Tenant:** bgbuildersllc.com
- **CIPP Name:** sonorangreenllc.com
- **Tenant ID:** ededa4fb-f6eb-4398-851d-5eb3e11fab27
- **Admin User:** sysadmin@bgbuildersllc.com
- **Password:** Window123!@#-bgb
- **Notes:** Added 2025-12-19

### Security Investigation (2025-12-22)
- **Compromised User:** Shelly@bgbuildersllc.com (Shelly Dooley)
- **Symptoms:** Suspicious sent items reported by user
- **Findings:**
  - Gmail OAuth app with EAS.AccessAsUser.All (REMOVED)
  - "P2P Server" app registration backdoor (DELETED by admin)
  - No malicious mailbox rules or forwarding
  - Sign-in logs unavailable (no Entra P1 license)
- **Remediation:**
  - Password reset: `5ecwyHv6&dP7` (must change on login)
  - All sessions revoked
  - Gmail OAuth consent removed
  - P2P Server backdoor deleted
- **Status:** RESOLVED

---

## Client - Dataforth

### Network
- **Subnet:** 192.168.0.0/24
- **Domain:** INTRANET (intranet.dataforth.com)

### UDM (Unifi Dream Machine)
- **IP:** 192.168.0.254
- **SSH User:** root
- **SSH Password:** Paper123!@#-unifi
- **Web User:** azcomputerguru
- **Web Password:** Paper123!@#-unifi
- **2FA:** Push notification enabled
- **Notes:** Gateway/firewall, OpenVPN server

### AD1 (Domain Controller)
- **IP:** 192.168.0.27
- **Hostname:** AD1.intranet.dataforth.com
- **User:** INTRANET\sysadmin
- **Password:** Paper123!@#
- **Role:** Primary DC, NPS/RADIUS server
- **NPS Ports:** 1812/1813 (auth/accounting)

### AD2 (Domain Controller)
- **IP:** 192.168.0.6
- **Hostname:** AD2.intranet.dataforth.com
- **User:** INTRANET\sysadmin
- **Password:** Paper123!@#
- **Role:** Secondary DC, file server

### NPS RADIUS Configuration
- **Client Name:** unifi
- **Client IP:** 192.168.0.254
- **Shared Secret:** Gptf*77ttb!@#!@#
- **Policy:** "Unifi" - allows Domain Users

### D2TESTNAS (SMB1 Proxy)
- **IP:** 192.168.0.9
- **Web/SSH User:** admin
- **Web/SSH Password:** Paper123!@#-nas
- **Role:** DOS machine SMB1 proxy
- **Notes:** Added 2025-12-14

---

## Client - Valley Wide Plastering

### Network
- **Subnet:** 172.16.9.0/24

### UDM (UniFi Dream Machine)
- **IP:** 172.16.9.1
- **SSH User:** root
- **SSH Password:** Gptf*77ttb123!@#-vwp
- **Notes:** Gateway/firewall, VPN server, RADIUS client

### VWP-DC1 (Domain Controller)
- **IP:** 172.16.9.2
- **Hostname:** VWP-DC1
- **User:** sysadmin
- **Password:** r3tr0gradE99#
- **Role:** Primary DC, NPS/RADIUS server
- **Notes:** Added 2025-12-22

### NPS RADIUS Configuration
- **RADIUS Server:** 172.16.9.2
- **RADIUS Ports:** 1812 (auth), 1813 (accounting)
- **Clients:** UDM (172.16.9.1), VWP-Subnet (172.16.9.0/24)
- **Shared Secret:** Gptf*77ttb123!@#-radius
- **Policy:** "VPN-Access" - allows all authenticated users (24/7)
- **Auth Methods:** All (PAP, CHAP, MS-CHAP, MS-CHAPv2, EAP)
- **User Dial-in:** All VWP_Users set to Allow
- **AuthAttributeRequired:** Disabled on clients
- **Tested:** 2025-12-22, user cguerrero authenticated successfully

### Dataforth - Entra App Registration (Claude-Code-M365)
- **Tenant ID:** 7dfa3ce8-c496-4b51-ab8d-bd3dcd78b584
- **App ID (Client ID):** 7a8c0b2e-57fb-4d79-9b5a-4b88d21b1f29
- **Client Secret:** tXo8Q~ZNG9zoBpbK9HwJTkzx.YEigZ9AynoSrca3
- **Permissions:** Calendars.ReadWrite, Contacts.ReadWrite, User.ReadWrite.All, Mail.ReadWrite, Directory.ReadWrite.All, Group.ReadWrite.All
- **Created:** 2025-12-22
- **Use:** Silent Graph API access to Dataforth tenant

---

## Client - CW Concrete LLC

### Microsoft 365 Tenant
- **Tenant:** cwconcretellc.com
- **CIPP Name:** cwconcretellc.com
- **Tenant ID:** dfee2224-93cd-4291-9b09-6c6ce9bb8711
- **Default Domain:** NETORGFT11452752.onmicrosoft.com
- **Notes:** De-federated from GoDaddy 2025-12, domain needs re-verification

### Security Investigation (2025-12-22)
- **Findings:**
  - Graph Command Line Tools OAuth consent with high privileges (REMOVED)
  - "test" backdoor app registration with multi-tenant access (DELETED)
  - Apple Internet Accounts OAuth (left - likely iOS device)
  - No malicious mailbox rules or forwarding
- **Remediation:**
  - All sessions revoked for all 4 users
  - Backdoor apps removed
- **Status:** RESOLVED

---

## Client - Khalsa

### Network
- **Subnet:** 172.16.50.0/24

### UCG (UniFi Cloud Gateway)
- **IP:** 172.16.50.1
- **SSH User:** azcomputerguru
- **SSH Password:** Paper123!@#-camden (reset 2025-12-22)
- **Notes:** Gateway/firewall, VPN server, SSH key added but not working

### Switch
- **User:** 8WfY8
- **Password:** tI3evTNBZMlnngtBc

### Accountant Machine
- **IP:** 172.16.50.168
- **User:** accountant
- **Password:** Paper123!@#-accountant
- **Notes:** Added 2025-12-22, VPN routing issue

---

## Client - Scileppi Law Firm

### DS214se (Source NAS - being migrated)
- **IP:** 172.16.1.54
- **SSH User:** admin
- **Password:** Th1nk3r^99
- **Storage:** 1.8TB (1.6TB used)
- **Data:** User home folders (admin, Andrew Ross, Chris Scileppi, Samantha Nunez, etc.)

### Unraid (Source - Migration)
- **IP:** 172.16.1.21
- **SSH User:** root
- **Password:** Th1nk3r^99
- **Role:** Data source for migration to RS2212+

### RS2212+ (Destination NAS)
- **IP:** 172.16.1.59
- **Hostname:** SL-SERVER
- **SSH User:** sysadmin
- **Password:** Gptf*77ttb123!@#-sl-server
- **SSH Key:** claude-code@localadmin added to authorized_keys
- **Storage:** 25TB total, 6.9TB used (28%)
- **Data Share:** /volume1/Data (7.9TB - Active, Closed, Archived, Billing, MOTIONS BANK)
- **Notes:** Migration and consolidation complete 2025-12-29

### RS2212+ User Accounts (Created 2025-12-29)
| Username | Full Name | Password | Notes |
|----------|-----------|----------|-------|
| chris | Chris Scileppi | Scileppi2025! | Owner |
| andrew | Andrew Ross | Scileppi2025! | Staff |
| sylvia | Sylvia | Scileppi2025! | Staff |
| rose | Rose | Scileppi2025! | Staff |
| (TBD) | 5th user | - | Name pending |

### Migration/Consolidation Status (COMPLETE)
- **Completed:** 2025-12-29
- **Final Structure:**
  - Active: 2.5TB (merged Unraid + DS214se Open Cases)
  - Closed: 4.9TB (merged Unraid + DS214se Closed Cases)
  - Archived: 451GB
  - MOTIONS BANK: 21MB
  - Billing: 17MB
- **Recycle Bin:** Emptied (recovered 413GB)
- **Permissions:** Group "users" with 775 on /volume1/Data