--- type: client name: khalsa display_name: Khalsa last_compiled: 2026-05-24 compiled_by: DESKTOP-0O8A1RL/claude-main sources: - clients/khalsa/docs/overview.md - clients/khalsa/docs/cloud/m365.md - clients/khalsa/docs/cloud/azure.md - clients/khalsa/docs/rmm/rmm.md - clients/khalsa/docs/security/antivirus.md - clients/khalsa/docs/security/backup.md - clients/khalsa/docs/issues/log.md - clients/khalsa/docs/apple-domain-join.md - clients/khalsa/docs/network/README.md - clients/khalsa/docs/network/camden/topology.md - clients/khalsa/docs/network/camden/firewall.md - clients/khalsa/docs/network/camden/dns.md - clients/khalsa/docs/network/camden/dhcp.md - clients/khalsa/docs/network/camden/vlans.md - clients/khalsa/docs/network/river/topology.md - clients/khalsa/docs/network/river/firewall.md - clients/khalsa/docs/network/river/dns.md - clients/khalsa/docs/network/river/dhcp.md - clients/khalsa/docs/network/river/vlans.md - clients/khalsa/PROJECT_STATE.md --- # Khalsa ## Overview New client in ONBOARDING status as of 2026-04-16. Standard client directory structure applied by Howard. Multi-site environment with two locations: **Camden** and **River**. Onboarding is incomplete — infrastructure details, contacts, and credentials have not yet been captured to the vault. - **Business type:** *(not documented)* - **Locations:** 2 (Camden, River) - **Total users:** *(not documented)* - **Billing model:** *(not documented)* - **Billing rate:** *(not documented)* - **Contract status:** ONBOARDING — terms not yet documented - **Hours remaining:** *(not documented)* [WARNING] All template fields in overview.md, m365.md, azure.md, rmm.md, antivirus.md, and backup.md are blank. The only substantive technical content in the entire client directory is `docs/apple-domain-join.md`. Onboarding must be completed before this client can be effectively supported. --- ## Contacts All contact fields in overview.md are blank. No primary contact, IT contact, names, phones, or emails documented. - **Primary Contact:** *(not documented)* - **IT Contact:** *(not documented)* - **Location (Camden):** *(not documented)* - **Location (River):** *(not documented)* --- ## Infrastructure No server or workstation inventory has been captured. The following is known only from `docs/apple-domain-join.md`: ### Known Servers | Hostname | IP | Role | OS | Notes | |----------|----|------|----|-------| | TROUT | 10.11.12.254 | Domain Controller, Primary DNS | *(not documented)* | khalsa.local domain; DNS forwarder at 10.11.12.1 | | *(unknown)* | 10.11.12.243 | DNS server | *(not documented)* | [WARNING] This is a DNS server but NOT the DC — do not confuse the two | ### Workstations *(not documented)* ### Active Directory - **Domain:** `khalsa.local` - **Domain admin account:** `guru` - **DC hostname:** TROUT at 10.11.12.254 - **DNS primary:** 10.11.12.254 (DC/TROUT) - **DNS secondary:** 10.11.12.1 - Kerberos (port 88), LDAP (port 389), SMB (port 445) required to reach DC --- ## Network Two sites: Camden and River. All network template files (topology, firewall, DNS, DHCP, VLANs) are blank placeholders for both sites — no subnets, IPs, hardware, ISPs, or VPN details are recorded. ### Camden - **Topology:** *(not documented — template only)* - **Firewall:** *(not documented — template only)* - **DNS:** *(not documented — template only)* - **DHCP:** *(not documented — template only)* - **VLANs:** Template defines VLAN IDs 1, 10, 20, 30, 40, 50, 60, 100 (standard schema: Management, Servers, Workstations, VoIP, WiFi-Corp, WiFi-Guest, Security) — but no subnets or IPs filled in. ### River - **Topology:** *(not documented — template only)* - **Firewall:** *(not documented — template only)* - **DNS:** *(not documented — template only)* - **DHCP:** *(not documented — template only)* - **VLANs:** Same VLAN ID schema as Camden — no subnets or IPs filled in. ### Site-to-Site Connectivity *(not documented)* — firewall.md VPN sections are blank for both sites. ### Confirmed Network Info (from apple-domain-join.md) - DC/DNS: TROUT at 10.11.12.254 (implies /24 range starting with 10.11.12.x) - Secondary DNS: 10.11.12.1 [unverified — likely a firewall or router] - 10.11.12.243 is a DNS server (role unknown, not the DC) - Site assignment of these IPs (Camden vs River) is unknown --- ## Cloud / M365 All M365 and Azure template fields are blank. No tenant name, tenant ID, domain, licenses, Exchange settings, SharePoint, Teams, Entra, or Defender details are documented. - **M365 tenant:** *(not documented)* - **Azure subscription:** *(not documented)* - **Other cloud services:** *(not documented)* --- ## GuruRMM All RMM template fields are blank. - **Client ID:** *(not documented)* - **Site IDs:** *(not documented)* - **Enrolled agents:** *(not documented)* - **Monitoring policies:** Template placeholders only (Disk Space, CPU, Service Monitor, Backup Monitor, Offline Alert — no client-specific values) - **Patch policy:** *(not documented)* --- ## Active Projects / Open Items - [ ] Complete onboarding — capture infrastructure details, contacts, credentials to vault - [ ] Populate all `docs/` templates with real data (network, servers, M365, backup, AV, RMM) - [ ] Document both Camden and River site specifics (topology, firewall rules, VLANs, IPs) - [ ] Capture contacts to overview.md - [ ] Store credentials in SOPS vault under `clients/khalsa/` --- ## Key Events / History | Date | Event | |------|-------| | 2026-04-16 | Client directory created by Howard. Standard template applied. ONBOARDING status set. | No issue log entries. No session logs exist for this client. --- ## Anti-Patterns / Warnings - [WARNING] 10.11.12.243 is a DNS server but NOT the domain controller. Do not treat it as the DC. The DC is TROUT at 10.11.12.254. - [WARNING] Onboarding is incomplete. Do not assume any template placeholder values are real — all fields other than the apple-domain-join.md content are empty. - [WARNING] Do NOT run `dsconfigad` commands via ScreenConnect — the domain join step requires a password prompt that ScreenConnect cannot handle. Must use direct Terminal access. - When joining a Mac that was previously joined and has a broken trust: force-remove first (`dsconfigad -remove -username guru -force`), then re-join. Skipping this causes error 2100. - After applying `DefaultDomain` setting for login window, a reboot is required for the domain prefix to drop from login. - No credentials are in this wiki. Retrieve from vault under `clients/khalsa/` once captured. --- ## Backlinks - [[wiki/index]] — client index - [[wiki/patterns/apple-domain-join]] — if a general Apple domain join pattern article exists or is created