# Credentials & Authorization Reference
**Last Updated:** 2025-12-16
**Purpose:** Centralized credentials for Claude Code context recovery across all machines

---

## Infrastructure - SSH Access

### Jupiter (Unraid Primary)
- **Host:** 172.16.3.20
- **User:** root
- **Port:** 22
- **Password:** Th1nk3r^99##
- **WebUI Password:** Th1nk3r^99##
- **Role:** Primary container host (Gitea, NPM, GuruRMM, media)
- **iDRAC IP:** 172.16.1.73 (DHCP)
- **iDRAC User:** root
- **iDRAC Password:** Window123!@#-idrac
- **iDRAC SSH:** Enabled (port 22)
- **IPMI Key:** All zeros

### Saturn (Unraid Secondary)
- **Host:** 172.16.3.21
- **User:** root
- **Port:** 22
- **Password:** r3tr0gradE99
- **Role:** Migration source, being consolidated to Jupiter

### pfSense (Firewall)
- **Host:** 172.16.0.1
- **User:** admin
- **Port:** 2248
- **Password:** r3tr0gradE99!!
- **Role:** Firewall, Tailscale gateway
- **Tailscale IP:** 100.79.69.82 (pfsense-1)

### OwnCloud VM (on Jupiter)
- **Host:** 172.16.3.22
- **Hostname:** cloud.acghosting.com
- **User:** root
- **Port:** 22
- **Password:** Paper123!@#-unifi!
- **OS:** Rocky Linux 9.6
- **Role:** OwnCloud file sync server
- **Services:** Apache, MariaDB, PHP-FPM, Redis, Datto RMM agents
- **Storage:** SMB mount from Jupiter (/mnt/user/OwnCloud)
- **Note:** Jupiter has SSH key auth configured

### GuruRMM Build Server
- **Host:** 172.16.3.30
- **Hostname:** gururmm
- **User:** guru
- **Port:** 22
- **Password:** Gptf*77ttb123!@#-rmm
- **Sudo Password:** Gptf*77ttb123!@#-rmm (special chars cause issues with sudo -S)
- **OS:** Ubuntu 22.04
- **Role:** GuruRMM/GuruConnect dedicated server (API, DB, Dashboard, Downloads, GuruConnect relay)
- **Services:** nginx, PostgreSQL, gururmm-server, gururmm-agent, guruconnect-server
- **SSH Key Auth:** ✅ Working from Windows/WSL (ssh guru@172.16.3.30)
- **Service Restart Method:** Services run as guru user, so `pkill` works without sudo. Deploy pattern:
  1. Build: `cargo build --release --target x86_64-unknown-linux-gnu -p `
  2. Rename old: `mv target/release/binary target/release/binary.old`
  3. Copy new: `cp target/x86_64.../release/binary target/release/binary`
  4. Kill old: `pkill -f binary.old` (systemd auto-restarts)
- **GuruConnect:** Static files in /home/guru/guru-connect/server/static/, binary at /home/guru/guru-connect/target/release/guruconnect-server

---

## Services - Web Applications

### Gitea (Git Server)
- **URL:** https://git.azcomputerguru.com/
- **Internal:** http://172.16.3.20:3000
- **SSH:** ssh://git@172.16.3.20:2222
- **User:** mike@azcomputerguru.com
- **Password:** Window123!@#-git
- **API Token:** 9b1da4b79a38ef782268341d25a4b6880572063f

### NPM (Nginx Proxy Manager)
- **Admin URL:** http://172.16.3.20:7818
- **HTTP Port:** 1880
- **HTTPS Port:** 18443
- **User:** mike@azcomputerguru.com
- **Password:** Paper123!@#-unifi

### Cloudflare
- **API Token (Full DNS):** DRRGkHS33pxAUjQfRDzDeVPtt6wwUU6FwtXqOzNj
- **API Token (Legacy/Limited):** U1UTbBOWA4a69eWEBiqIbYh0etCGzrpTU4XaKp7w
- **Permissions:** Zone:Read, Zone:Edit, DNS:Read, DNS:Edit
- **Used for:** DNS management, WHM plugin, cf-dns CLI
- **Domain:** azcomputerguru.com
- **Notes:** New full-access token added 2025-12-19

---

## Projects - GuruRMM

### Dashboard/API Login
- **Email:** admin@azcomputerguru.com
- **Password:** GuruRMM2025
- **Role:** admin

### Database (PostgreSQL)
- **Host:** gururmm-db container (172.16.3.20)
- **Database:** gururmm
- **User:** gururmm
- **Password:** 43617ebf7eb242e814ca9988cc4df5ad

---

## Projects - GuruConnect

### Database (PostgreSQL on build server)
- **Host:** localhost (172.16.3.30)
- **Port:** 5432
- **Database:** guruconnect
- **User:** guruconnect
- **Password:** gc_a7f82d1e4b9c3f60
- **DATABASE_URL:** `postgres://guruconnect:gc_a7f82d1e4b9c3f60@localhost:5432/guruconnect`
- **Created:** 2025-12-28

---

## Projects - GuruRMM (continued)

### API Server
- **External URL:** https://rmm-api.azcomputerguru.com
- **Internal URL:** http://172.16.3.20:3001
- **JWT Secret:** ZNzGxghru2XUdBVlaf2G2L1YUBVcl5xH0lr/Gpf/QmE=

### Microsoft Entra ID (SSO)
- **App Name:** GuruRMM Dashboard
- **App ID (Client ID):** 18a15f5d-7ab8-46f4-8566-d7b5436b84b6
- **Object ID:** 34c80aa8-385a-4bea-af85-f8bf67decc8f
- **Client Secret:** gOz8Q~J.oz7KnUIEpzmHOyJ6GEzYNecGRl-Pbc9w
- **Secret Expires:** 2026-12-21
- **Sign-in Audience:** Multi-tenant (any Azure AD org)
- **Redirect URIs:** https://rmm.azcomputerguru.com/auth/callback, http://localhost:5173/auth/callback
- **API Permissions:** openid, email, profile
- **Notes:** Created 2025-12-21 for GuruRMM SSO

### CI/CD (Build Automation)
- **Webhook URL:** http://172.16.3.30/webhook/build
- **Webhook Secret:** gururmm-build-secret
- **Build Script:** /opt/gururmm/build-agents.sh
- **Build Log:** /var/log/gururmm-build.log
- **Gitea Webhook ID:** 1
- **Trigger:** Push to main branch
- **Builds:** Linux (x86_64) and Windows (x86_64) agents
- **Deploy Path:** /var/www/gururmm/downloads/

### Build Server SSH Key (for Gitea)
- **Key Name:** gururmm-build-server
- **Public Key:**
```
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKSqf2/phEXUK8vd5GhMIDTEGSk0LvYk92sRdNiRrjKi guru@gururmm-build
```
- **Added to:** Gitea (azcomputerguru account)

### Clients & Sites
#### Glaztech Industries (GLAZ)
- **Client ID:** d857708c-5713-4ee5-a314-679f86d2f9f9
- **Site:** SLC - Salt Lake City
- **Site ID:** 290bd2ea-4af5-49c6-8863-c6d58c5a55de
- **Site Code:** DARK-GROVE-7839
- **API Key:** grmm_Qw64eawPBjnMdwN5UmDGWoPlqwvjM7lI
- **Created:** 2025-12-18

---

## Client Sites - WHM/cPanel

### IX Server (ix.azcomputerguru.com)
- **SSH Host:** ix.azcomputerguru.com
- **Internal IP:** 172.16.3.10 (VPN required)
- **SSH User:** root
- **SSH Password:** Gptf*77ttb!@#!@#
- **SSH Key:** guru@wsl key added to authorized_keys
- **Role:** cPanel/WHM server hosting client sites

### WebSvr (websvr.acghosting.com)
- **Host:** websvr.acghosting.com
- **SSH User:** root
- **SSH Password:** r3tr0gradE99#
- **API Token:** 8ZPYVM6R0RGOHII7EFF533MX6EQ17M7O
- **Access Level:** Full access
- **Role:** Legacy cPanel/WHM server (migration source to IX)

### data.grabbanddurando.com
- **Server:** IX (ix.azcomputerguru.com)
- **cPanel Account:** grabblaw
- **Site Path:** /home/grabblaw/public_html/data_grabbanddurando
- **Site Admin User:** admin
- **Site Admin Password:** GND-Paper123!@#-datasite
- **Database:** grabblaw_gdapp_data
- **DB User:** grabblaw_gddata
- **DB Password:** GrabbData2025
- **Config File:** /home/grabblaw/public_html/data_grabbanddurando/connection.php
- **Backups:** /home/grabblaw/public_html/data_grabbanddurando/backups_mariadb_fix/

### GoDaddy VPS (Legacy)
- **IP:** 208.109.235.224
- **Hostname:** 224.235.109.208.host.secureserver.net
- **Auth:** SSH key
- **Database:** grabblaw_gdapp
- **Note:** Old server, data migrated to IX

---

## Seafile (on Jupiter - Migrated 2025-12-27)

### Container
- **Host:** Jupiter (172.16.3.20)
- **URL:** https://sync.azcomputerguru.com
- **Port:** 8082 (internal), proxied via NPM
- **Containers:** seafile, seafile-mysql, seafile-memcached, seafile-elasticsearch
- **Docker Compose:** /mnt/user0/SeaFile/DockerCompose/docker-compose.yml
- **Data Path:** /mnt/user0/SeaFile/seafile-data/

### Seafile Admin
- **Email:** mike@azcomputerguru.com
- **Password:** r3tr0gradE99#

### Database (MariaDB)
- **Container:** seafile-mysql
- **Image:** mariadb:10.6
- **Root Password:** db_dev
- **Seafile User:** seafile
- **Seafile Password:** 64f2db5e-6831-48ed-a243-d4066fe428f9
- **Databases:** ccnet_db (users), seafile_db (data), seahub_db (web)

### Elasticsearch
- **Container:** seafile-elasticsearch
- **Image:** elasticsearch:7.17.26
- **Note:** Upgraded from 7.16.2 for kernel 6.12 compatibility

### Microsoft Graph API (Email)
- **Tenant ID:** ce61461e-81a0-4c84-bb4a-7b354a9a356d
- **Client ID:** 15b0fafb-ab51-4cc9-adc7-f6334c805c22
- **Client Secret:** rRN8Q~FPfSL8O24iZthi_LVJTjGOCZG.DnxGHaSk
- **Sender Email:** noreply@azcomputerguru.com
- **Used for:** Seafile email notifications via Graph API

### Migration Notes
- **Migrated from:** Saturn (172.16.3.21) on 2025-12-27
- **Saturn Status:** Seafile stopped, data intact for rollback (keep 1 week)

---

## NPM Proxy Hosts Reference

| ID | Domain | Backend | SSL Cert |
|----|--------|---------|----------|
| 1 | emby.azcomputerguru.com | 172.16.2.99:8096 | npm-1 |
| 2 | git.azcomputerguru.com | 172.16.3.20:3000 | npm-2 |
| 4 | plexrequest.azcomputerguru.com | 172.16.3.31:5055 | npm-4 |
| 5 | rmm-api.azcomputerguru.com | 172.16.3.20:3001 | npm-6 |
| - | unifi.azcomputerguru.com | 172.16.3.28:8443 | npm-5 |
| 8 | sync.azcomputerguru.com | 172.16.3.20:8082 | npm-8 |

---

## Tailscale Network

| Tailscale IP | Hostname | Owner | OS |
|--------------|----------|-------|-----|
| 100.79.69.82 (pfsense-1) | pfsense | mike@ | freebsd |
| 100.125.36.6 | acg-m-l5090 | mike@ | windows |
| 100.92.230.111 | acg-tech-01l | mike@ | windows |
| 100.96.135.117 | acg-tech-02l | mike@ | windows |
| 100.113.45.7 | acg-tech03l | howard@ | windows |
| 100.77.166.22 | desktop-hjfjtep | mike@ | windows |
| 100.101.145.100 | guru-legion9 | mike@ | windows |
| 100.119.194.51 | guru-surface8 | howard@ | windows |
| 100.66.103.110 | magus-desktop | rob@ | windows |
| 100.66.167.120 | magus-pc | rob@ | windows |

---

## SSH Public Keys

### guru@wsl (Windows/WSL)
- **User:** guru
- **Sudo Password:** Window123!@#-wsl
- **SSH Key:**
```
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAWY+SdqMHJP5JOe3qpWENQZhXJA4tzI2d7ZVNAwA/1u guru@wsl
```

### azcomputerguru@local (Mac)
- **User:** azcomputerguru
- **SSH Key:**
```
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDrGbr4EwvQ4P3ZtyZW3ZKkuDQOMbqyAQUul2+JE4K4S azcomputerguru@local
```

---

## Quick Reference Commands

### NPM API Auth
```bash
curl -s -X POST http://172.16.3.20:7818/api/tokens \
  -H "Content-Type: application/json" \
  -d '{"identity":"mike@azcomputerguru.com","secret":"Paper123!@#-unifi"}'
```

### Gitea API
```bash
curl -H "Authorization: token 9b1da4b79a38ef782268341d25a4b6880572063f" \
  https://git.azcomputerguru.com/api/v1/repos/search
```

### GuruRMM Health Check
```bash
curl http://172.16.3.20:3001/health
```

---

## MSP Tools

### Syncro (PSA/RMM) - AZ Computer Guru
- **API Key:** T259810e5c9917386b-52c2aeea7cdb5ff41c6685a73cebbeb3
- **Subdomain:** computerguru
- **API Base URL:** https://computerguru.syncromsp.com/api/v1
- **API Docs:** https://api-docs.syncromsp.com/
- **Account:** AZ Computer Guru MSP
- **Notes:** Added 2025-12-18

### Autotask (PSA) - AZ Computer Guru
- **API Username:** dguyqap2nucge6r@azcomputerguru.com
- **API Password:** z*6G4fT#oM~8@9Hxy$2Y7K$ma
- **API Integration Code:** HYTYYZ6LA5HB5XK7IGNA7OAHQLH
- **Integration Name:** ClaudeAPI
- **API Zone:** webservices5.autotask.net
- **API Docs:** https://autotask.net/help/developerhelp/Content/APIs/REST/REST_API_Home.htm
- **Account:** AZ Computer Guru MSP
- **Notes:** Added 2025-12-18, new API user "Claude API"

### CIPP (CyberDrain Improved Partner Portal)
- **URL:** https://cippcanvb.azurewebsites.net
- **Tenant ID:** ce61461e-81a0-4c84-bb4a-7b354a9a356d
- **API Client Name:** ClaudeCipp2 (working)
- **App ID (Client ID):** 420cb849-542d-4374-9cb2-3d8ae0e1835b
- **Client Secret:** MOn8Q~otmxJPLvmL~_aCVTV8Va4t4~SrYrukGbJT
- **Scope:** api://420cb849-542d-4374-9cb2-3d8ae0e1835b/.default
- **CIPP-SAM App ID:** 91b9102d-bafd-43f8-b17a-f99479149b07
- **IP Range:** 0.0.0.0/0 (all IPs allowed)
- **Auth Method:** OAuth 2.0 Client Credentials
- **Notes:** Updated 2025-12-23, working API client

#### CIPP API Usage (Bash)
```bash
# Get token
ACCESS_TOKEN=$(curl -s -X POST "https://login.microsoftonline.com/ce61461e-81a0-4c84-bb4a-7b354a9a356d/oauth2/v2.0/token" \
  -d "client_id=420cb849-542d-4374-9cb2-3d8ae0e1835b" \
  -d "client_secret=MOn8Q~otmxJPLvmL~_aCVTV8Va4t4~SrYrukGbJT" \
  -d "scope=api://420cb849-542d-4374-9cb2-3d8ae0e1835b/.default" \
  -d "grant_type=client_credentials" | python3 -c "import sys, json; print(json.load(sys.stdin).get('access_token', ''))")

# Query endpoints (use tenant domain or tenant ID as TenantFilter)
curl -s "https://cippcanvb.azurewebsites.net/api/ListLicenses?TenantFilter=sonorangreenllc.com" \
  -H "Authorization: Bearer ${ACCESS_TOKEN}"

# Other useful endpoints:
# ListTenants?AllTenants=true - List all managed tenants
# ListUsers?TenantFilter={tenant} - List users
# ListMailboxRules?TenantFilter={tenant} - Check mailbox rules
# BECCheck?TenantFilter={tenant}&UserID={userid} - BEC investigation
```

#### Old API Client (403 errors - do not use)
- **App ID:** d545a836-7118-44f6-8852-d9dd64fb7bb9
- **Status:** Authenticated but all endpoints returned 403

### Claude-MSP-Access (Multi-Tenant Graph API)
- **Tenant ID:** ce61461e-81a0-4c84-bb4a-7b354a9a356d
- **App ID (Client ID):** fabb3421-8b34-484b-bc17-e46de9703418
- **Client Secret:** ~QJ8Q~NyQSs4OcGqHZyPrA2CVnq9KBfKiimntbMO
- **Secret Expires:** 2026-12 (24 months)
- **Sign-in Audience:** Multi-tenant (any Entra ID org)
- **Purpose:** Direct Graph API access for M365 investigations and remediation
- **Admin Consent URL:** https://login.microsoftonline.com/common/adminconsent?client_id=fabb3421-8b34-484b-bc17-e46de9703418&redirect_uri=https://login.microsoftonline.com/common/oauth2/nativeclient
- **Permissions:** User.ReadWrite.All, Directory.ReadWrite.All, Mail.ReadWrite, MailboxSettings.ReadWrite, AuditLog.Read.All, Application.ReadWrite.All, DelegatedPermissionGrant.ReadWrite.All, Group.ReadWrite.All, SecurityEvents.ReadWrite.All, AppRoleAssignment.ReadWrite.All, UserAuthenticationMethod.ReadWrite.All
- **Created:** 2025-12-29

#### Usage (Python)
```python
import requests

tenant_id = "CUSTOMER_TENANT_ID"  # or use 'common' after consent
client_id = "fabb3421-8b34-484b-bc17-e46de9703418"
client_secret = "~QJ8Q~NyQSs4OcGqHZyPrA2CVnq9KBfKiimntbMO"

# Get token
token_resp = requests.post(
    f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token",
    data={
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
        "grant_type": "client_credentials"
    }
)
access_token = token_resp.json()["access_token"]

# Query Graph API
headers = {"Authorization": f"Bearer {access_token}"}
users = requests.get("https://graph.microsoft.com/v1.0/users", headers=headers)
```

---

## Client - MVAN Inc

### Microsoft 365 Tenant 1
- **Tenant:** mvan.onmicrosoft.com
- **Admin User:** sysadmin@mvaninc.com
- **Password:** r3tr0gradE99#
- **Notes:** Global admin, project to merge/trust with T2

---

## Client - BG Builders LLC

### Microsoft 365 Tenant
- **Tenant:** bgbuildersllc.com
- **CIPP Name:** sonorangreenllc.com
- **Tenant ID:** ededa4fb-f6eb-4398-851d-5eb3e11fab27
- **Admin User:** sysadmin@bgbuildersllc.com
- **Password:** Window123!@#-bgb
- **Notes:** Added 2025-12-19

### Security Investigation (2025-12-22)
- **Compromised User:** Shelly@bgbuildersllc.com (Shelly Dooley)
- **Symptoms:** Suspicious sent items reported by user
- **Findings:**
  - Gmail OAuth app with EAS.AccessAsUser.All (REMOVED)
  - "P2P Server" app registration backdoor (DELETED by admin)
  - No malicious mailbox rules or forwarding
  - Sign-in logs unavailable (no Entra P1 license)
- **Remediation:**
  - Password reset: `5ecwyHv6&dP7` (must change on login)
  - All sessions revoked
  - Gmail OAuth consent removed
  - P2P Server backdoor deleted
- **Status:** RESOLVED

---

## Client - Dataforth

### Network
- **Subnet:** 192.168.0.0/24
- **Domain:** INTRANET (intranet.dataforth.com)

### UDM (Unifi Dream Machine)
- **IP:** 192.168.0.254
- **SSH User:** root
- **SSH Password:** Paper123!@#-unifi
- **Web User:** azcomputerguru
- **Web Password:** Paper123!@#-unifi
- **2FA:** Push notification enabled
- **Notes:** Gateway/firewall, OpenVPN server

### AD1 (Domain Controller)
- **IP:** 192.168.0.27
- **Hostname:** AD1.intranet.dataforth.com
- **User:** INTRANET\sysadmin
- **Password:** Paper123!@#
- **Role:** Primary DC, NPS/RADIUS server
- **NPS Ports:** 1812/1813 (auth/accounting)

### AD2 (Domain Controller)
- **IP:** 192.168.0.6
- **Hostname:** AD2.intranet.dataforth.com
- **User:** INTRANET\sysadmin
- **Password:** Paper123!@#
- **Role:** Secondary DC, file server

### NPS RADIUS Configuration
- **Client Name:** unifi
- **Client IP:** 192.168.0.254
- **Shared Secret:** Gptf*77ttb!@#!@#
- **Policy:** "Unifi" - allows Domain Users

### D2TESTNAS (SMB1 Proxy)
- **IP:** 192.168.0.9
- **Web/SSH User:** admin
- **Web/SSH Password:** Paper123!@#-nas
- **Role:** DOS machine SMB1 proxy
- **Notes:** Added 2025-12-14

---

## Client - Valley Wide Plastering

### Network
- **Subnet:** 172.16.9.0/24

### UDM (UniFi Dream Machine)
- **IP:** 172.16.9.1
- **SSH User:** root
- **SSH Password:** Gptf*77ttb123!@#-vwp
- **Notes:** Gateway/firewall, VPN server, RADIUS client

### VWP-DC1 (Domain Controller)
- **IP:** 172.16.9.2
- **Hostname:** VWP-DC1
- **User:** sysadmin
- **Password:** r3tr0gradE99#
- **Role:** Primary DC, NPS/RADIUS server
- **Notes:** Added 2025-12-22

### NPS RADIUS Configuration
- **RADIUS Server:** 172.16.9.2
- **RADIUS Ports:** 1812 (auth), 1813 (accounting)
- **Clients:** UDM (172.16.9.1), VWP-Subnet (172.16.9.0/24)
- **Shared Secret:** Gptf*77ttb123!@#-radius
- **Policy:** "VPN-Access" - allows all authenticated users (24/7)
- **Auth Methods:** All (PAP, CHAP, MS-CHAP, MS-CHAPv2, EAP)
- **User Dial-in:** All VWP_Users set to Allow
- **AuthAttributeRequired:** Disabled on clients
- **Tested:** 2025-12-22, user cguerrero authenticated successfully

### Dataforth - Entra App Registration (Claude-Code-M365)
- **Tenant ID:** 7dfa3ce8-c496-4b51-ab8d-bd3dcd78b584
- **App ID (Client ID):** 7a8c0b2e-57fb-4d79-9b5a-4b88d21b1f29
- **Client Secret:** tXo8Q~ZNG9zoBpbK9HwJTkzx.YEigZ9AynoSrca3
- **Permissions:** Calendars.ReadWrite, Contacts.ReadWrite, User.ReadWrite.All, Mail.ReadWrite, Directory.ReadWrite.All, Group.ReadWrite.All
- **Created:** 2025-12-22
- **Use:** Silent Graph API access to Dataforth tenant

---

## Client - CW Concrete LLC

### Microsoft 365 Tenant
- **Tenant:** cwconcretellc.com
- **CIPP Name:** cwconcretellc.com
- **Tenant ID:** dfee2224-93cd-4291-9b09-6c6ce9bb8711
- **Default Domain:** NETORGFT11452752.onmicrosoft.com
- **Notes:** De-federated from GoDaddy 2025-12, domain needs re-verification

### Security Investigation (2025-12-22)
- **Findings:**
  - Graph Command Line Tools OAuth consent with high privileges (REMOVED)
  - "test" backdoor app registration with multi-tenant access (DELETED)
  - Apple Internet Accounts OAuth (left - likely iOS device)
  - No malicious mailbox rules or forwarding
- **Remediation:**
  - All sessions revoked for all 4 users
  - Backdoor apps removed
- **Status:** RESOLVED

---

## Client - Khalsa

### Network
- **Subnet:** 172.16.50.0/24

### UCG (UniFi Cloud Gateway)
- **IP:** 172.16.50.1
- **SSH User:** azcomputerguru
- **SSH Password:** Paper123!@#-camden (reset 2025-12-22)
- **Notes:** Gateway/firewall, VPN server, SSH key added but not working

### Switch
- **User:** 8WfY8
- **Password:** tI3evTNBZMlnngtBc

### Accountant Machine
- **IP:** 172.16.50.168
- **User:** accountant
- **Password:** Paper123!@#-accountant
- **Notes:** Added 2025-12-22, VPN routing issue

---

## Client - Scileppi Law Firm

### DS214se (Source NAS - being migrated)
- **IP:** 172.16.1.54
- **SSH User:** admin
- **Password:** Th1nk3r^99
- **Storage:** 1.8TB (1.6TB used)
- **Data:** User home folders (admin, Andrew Ross, Chris Scileppi, Samantha Nunez, etc.)

### Unraid (Source - Migration)
- **IP:** 172.16.1.21
- **SSH User:** root
- **Password:** Th1nk3r^99
- **Role:** Data source for migration to RS2212+

### RS2212+ (Destination NAS)
- **IP:** 172.16.1.59
- **Hostname:** SL-SERVER
- **SSH User:** sysadmin
- **Password:** Gptf*77ttb123!@#-sl-server
- **SSH Key:** claude-code@localadmin added to authorized_keys
- **Storage:** 25TB total, 6.9TB used (28%)
- **Data Share:** /volume1/Data (7.9TB - Active, Closed, Archived, Billing, MOTIONS BANK)
- **Notes:** Migration and consolidation complete 2025-12-29

### RS2212+ User Accounts (Created 2025-12-29)
| Username | Full Name | Password | Notes |
|----------|-----------|----------|-------|
| chris | Chris Scileppi | Scileppi2025! | Owner |
| andrew | Andrew Ross | Scileppi2025! | Staff |
| sylvia | Sylvia | Scileppi2025! | Staff |
| rose | Rose | Scileppi2025! | Staff |
| (TBD) | 5th user | - | Name pending |

### Migration/Consolidation Status (COMPLETE)
- **Completed:** 2025-12-29
- **Final Structure:**
  - Active: 2.5TB (merged Unraid + DS214se Open Cases)
  - Closed: 4.9TB (merged Unraid + DS214se Closed Cases)
  - Archived: 451GB
  - MOTIONS BANK: 21MB
  - Billing: 17MB
- **Recycle Bin:** Emptied (recovered 413GB)
- **Permissions:** Group "users" with 775 on /volume1/Data