claudetools/credentials.md
Mike Swanson b79c47acb9 sync: Auto-sync from ACG-M-L5090 at 2026-01-26 16:45:54
Synced files:
- Complete claude-projects import (5 catalog files)
- Client directory with 12 clients
- Project directory with 12 projects
- Credentials updated (100+ sets)
- Session logs consolidated
- Agent coordination rules updated
- Task management integration

Major work completed:
- Exhaustive cataloging of claude-projects
- All session logs analyzed (38 files)
- All credentials extracted and organized
- Client infrastructure documented
- Problem solutions cataloged (70+)

Machine: ACG-M-L5090
Timestamp: 2026-01-26 16:45:54

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-01 16:23:47 -07:00


# Credentials & Authorization Reference

**Last Updated:** 2026-01-26
**Purpose:** Centralized credentials for Claude Code context recovery
**Project:** ClaudeTools MSP Work Tracking System

---
## Infrastructure - SSH Access
### GuruRMM Server (172.16.3.30)
- **Host:** 172.16.3.30
- **Hostname:** gururmm / gururmm-build
- **User:** guru
- **SSH Password:** Gptf*77ttb123!@#-rmm (note: special chars cause sudo issues, use heredoc)
- **Sudo Password:** Gptf*77ttb123!@#-rmm
- **SSH Port:** 22
- **Role:** Production server hosting ClaudeTools database and API, GuruRMM system, cross-platform builds
- **Services:**
- MariaDB 10.6.22 (Port 3306)
- PostgreSQL 14 (Port 5432)
- ClaudeTools API (Port 8001)
- GuruRMM API (Port 3001)
- Nginx reverse proxy (Port 80/443)
- **ClaudeTools Database:**
- Database: claudetools
- User: claudetools
- Password: CT_e8fcd5a3952030a79ed6debae6c954ed
- **GuruRMM Database (PostgreSQL):**
- Database: gururmm
- User: gururmm
- Password: 43617ebf7eb242e814ca9988cc4df5ad
- Connection: postgres://gururmm:43617ebf7eb242e814ca9988cc4df5ad@172.16.3.30:5432/gururmm
- **GuruRMM API Access:**
- Base URL: http://172.16.3.30:3001
- Production URL: https://rmm-api.azcomputerguru.com
- Admin Email: claude-api@azcomputerguru.com
- Admin Password: ClaudeAPI2026!@#
- Admin User ID: 4d754f36-0763-4f35-9aa2-0b98bbcdb309
- JWT Secret: ZNzGxghru2XUdBVlaf2G2L1YUBVcl5xH0lr/Gpf/QmE=
- **OS:** Ubuntu 22.04 LTS
- **SSH Keys:** guru@wsl, guru@gururmm-build (ed25519)
- **Notes:** Primary ClaudeTools infrastructure, systemd service auto-starts API. GuruRMM admin user created 2026-01-22 for API integration. Build server for cross-platform GuruRMM builds.
### Jupiter (Unraid Primary - 172.16.3.20)
- **Host:** 172.16.3.20
- **User:** root
- **SSH Port:** 22
- **Password:** Th1nk3r^99##
- **WebUI Password:** Th1nk3r^99##
- **Role:** Primary container host, Gitea server, NPM, GuruRMM, Seafile
- **Services:**
- Gitea (Port 3000, SSH 2222)
- Docker containers
- NPM (Nginx Proxy Manager) - Ports 1880 (HTTP), 18443 (HTTPS), 7818 (admin)
- GuruRMM API (Port 3001)
- Seafile Pro (Port 8082)
- **iDRAC (Dell Remote Management):**
- IP: 172.16.1.73 (DHCP)
- User: root
- Password: Window123!@#-idrac
- IPMI Key: 0000000000000000000000000000000000000000 (all zeros)
- SSH: Enabled (port 22) - cipher compatibility issues
- Web UI: https://172.16.1.73/
- **SSH Keys:** claude-code@localadmin (ed25519), root@GuruSync (ed25519), guru@wsl (ed25519), guru@gururmm-build (ed25519)
- **Notes:** Used for code repository management and version control. Primary infrastructure server.
### IX Server (Hosting - 172.16.3.10)
- **Host:** ix.azcomputerguru.com
- **Internal IP:** 172.16.3.10
- **External IP:** 72.194.62.5
- **User:** root
- **SSH Port:** 22
- **Password:** Gptf*77ttb!@#!@#
- **SSH Key:** guru@wsl key added to authorized_keys
- **OS:** Rocky Linux (WHM/cPanel)
- **Role:** Primary cPanel hosting server for client websites (80+ accounts)
- **Services:**
- WHM (Web Host Manager) - Port 2087
- cPanel - Port 2083
- Apache/LiteSpeed web server
- MariaDB (multiple client databases)
- PHP-FPM
- **Access Methods:**
- SSH (external): ssh root@ix.azcomputerguru.com
- SSH (internal): ssh root@172.16.3.10
- WHM: https://ix.azcomputerguru.com:2087
- cPanel: https://ix.azcomputerguru.com:2083
- **VPN Required:** Yes (for external SSH access)
- **Hosted Sites:** 40+ WordPress sites (arizonahatters.com, peacefulspirit.com, etc.)
- **Notes:**
- Critical performance issues documented 2026-01-13
- Requires VPN for SSH access
- See clients/internal-infrastructure/ix-server-issues-2026-01-13.md for maintenance details
- 80+ cPanel accounts hosted
- **Critical Sites Maintained (2026-01-13):**
- acepickupparts.com (PHP 256MB, database cleaned)
- arizonahatters.com (PHP 256MB, Wordfence bloat cleaned)
- peacefulspirit.com (database bloat cleaned 310MB→0.67MB)
### WebSvr (Legacy Hosting - websvr.acghosting.com)
- **Host:** websvr.acghosting.com
- **External IP:** 162.248.93.81
- **User:** root
- **SSH Port:** 22
- **Password:** r3tr0gradE99#
- **OS:** CentOS 7 (WHM/cPanel)
- **Role:** Legacy cPanel hosting server, DNS management for ACG Hosting domains
- **Services:**
- WHM (Web Host Manager)
- cPanel
- Apache/LiteSpeed web server
- MariaDB
- DNS Zone Management
- **API Token:** 8ZPYVM6R0RGOHII7EFF533MX6EQ17M7O (Full access)
- **DNS Management:** Authoritative for ACG Hosting nameservers (grabbanddurando.com zone, etc.)
- **Status:** Active - DNS management, some legacy sites
- **Notes:**
- Used for DNS zone editing for client domains
- Migration source to IX server
- See clients/grabb-durando/website-migration/README.md for DNS management examples
### pfSense Firewall (172.16.0.1)
- **Host:** 172.16.0.1
- **SSH Port:** 2248
- **User:** admin
- **Password:** r3tr0gradE99!!
- **SSH Key:** ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICrv2u99Y/KecA4GtJ3xi/8ExzkjdPsCHLDdaFPBkGAg claude-code@localadmin
- **OS:** FreeBSD (pfSense 2.8.1)
- **Role:** Primary network firewall, VPN gateway, Tailscale gateway
- **Services:**
- Firewall rules
- VPN server
- Tailscale subnet router
- DHCP server
- **Tailscale:**
- Tailscale IP: 100.79.69.82 (pfsense-1) / 100.119.153.74 (pfsense-2)
- Subnet Routes: 172.16.0.0/22 (advertised to Tailscale network)
- Hostname: pfsense-1 / pfsense-2
- **Web UI:** https://172.16.0.1
- **Status:** CRITICAL PRODUCTION - Network gateway
- **Network:**
- LAN Subnet: 172.16.0.0/16
- OpenVPN: 192.168.6.0/24
- WAN (Fiber): 98.181.90.163/31
- Public IPs: 72.194.62.2-10, 70.175.28.51-57
- **Notes:**
- Primary network security appliance
- Routes traffic for entire 172.16.0.0/16 network
- Tailscale exit node for remote access
- Migrated to Intel N100 hardware 2025-12-25
### Saturn (172.16.3.21) - DECOMMISSIONED
- **Host:** 172.16.3.21
- **User:** root
- **SSH Port:** 22
- **Password:** r3tr0gradE99
- **OS:** Unraid 6.x
- **Role:** Secondary Unraid server (decommissioned)
- **Status:** DECOMMISSIONED - Migration to Jupiter complete (Seafile migrated 2025-12-27)
- **Notes:**
- All services migrated to Jupiter in 2025
- May be powered off
- Documented for historical reference
### OwnCloud VM (172.16.3.22)
- **Host:** 172.16.3.22
- **Hostname:** cloud.acghosting.com
- **User:** root
- **SSH Port:** 22
- **Password:** Paper123!@#-unifi!
- **OS:** Rocky Linux 9.6
- **Role:** OwnCloud file synchronization server
- **Services:**
- Apache web server
- MariaDB
- PHP-FPM
- Redis
- OwnCloud application
- Datto RMM agents
- **Storage:** SMB mount from Jupiter (Unraid shares - /mnt/user/OwnCloud)
- **Status:** Active
- **Notes:**
- Jupiter has SSH key auth configured
- File sync service for team collaboration
- Data stored on Jupiter NAS backend
---
## External/Client Servers
### GoDaddy VPS (208.109.235.224) - Grabb & Durando
- **Host:** 208.109.235.224
- **Hostname:** 224.235.109.208.host.secureserver.net
- **User:** root
- **SSH Port:** 22
- **Auth:** SSH key (id_ed25519)
- **OS:** CloudLinux 9.6
- **cPanel:** v126.0 (build 11)
- **Role:** data.grabbanddurando.com hosting (MIGRATION COMPLETE - old server)
- **Status:** OFFLINE - 99% disk space used (1.6GB free) - migration complete
- **Client:** Grabb & Durando Law Firm
- **Application:** Custom PHP calendar/user management system
- **Database Credentials (on GoDaddy):**
- Database: grabblaw_gdapp
- User: grabblaw_gdapp
- Password: e8o8glFDZD
- cPanel User: grabbanddurando
- **Migration Target:** ix.azcomputerguru.com (COMPLETE)
- **Migration Status:** Complete - old server can be decommissioned
- **Notes:**
- MIGRATION COMPLETE - data sync performed 2025-12-12
- SSH key authentication (passwordless)
- See clients/grabb-durando/website-migration/README.md for migration details
- Keep active for 1 week after successful migration (retention period expired)
### Neptune Exchange Server (67.206.163.124)
- **Hostname:** neptune.acghosting.com
- **Public IP:** 67.206.163.124
- **Internal IP:** 172.16.3.11 (requires Dataforth VPN)
- **Domain:** ACG
- **Admin User:** ACG\administrator
- **Admin Password:** Gptf*77ttb##
- **Exchange Version:** Exchange Server 2016
- **OWA URL:** https://neptune.acghosting.com/owa/
- **PowerShell URL:** https://neptune.acghosting.com/PowerShell/
- **Authentication:** Basic Auth
- **ActiveSync:** Enabled (BasicAuthEnabled: True)
- **Status:** Active
- **Client:** heieck.org (migration to M365 complete 2026-01-14)
- **Notes:**
- Requires VPN access (OpenVPN to Dataforth network)
- UDM firewall rules required for OpenVPN→Dataforth access
- iptables rules on UDM: 192.168.6.0/24 ↔ 172.16.0.0/22
---
## Dataforth Infrastructure
### AD2 (Production Server - 192.168.0.6)
- **Host:** 192.168.0.6
- **Hostname:** AD2.intranet.dataforth.com
- **Domain:** INTRANET
- **User:** INTRANET\sysadmin
- **Password:** Paper123!@#
- **OS:** Windows Server 2022
- **Local Path:** C:\Shares\test
- **Share Access:** \\192.168.0.6\C$ (admin share, requires credentials)
- **Role:** Production server for Dataforth DOS machines, Secondary Domain Controller
- **Services:**
- Active Directory Domain Controller (Secondary)
- File Server (SMB3)
- Scheduled sync task (Sync-FromNAS.ps1 every 15 min)
- WinRM (PowerShell Remoting) on port 5985
- OpenSSH Server on port 22
- **Network:** 192.168.0.0/24
- **Automation Access:**
- **Service Account:** INTRANET\ClaudeTools-ReadOnly
- **Service Password:** vG!UCAD>=#gIk}1A3=:{+DV3
- **Service UPN:** ClaudeTools-ReadOnly@dataforth.local
- **Permissions:** Read-only AD access, Remote Management Users group
- **Scripts Location:** C:\ClaudeTools\Scripts\
- **Logs Location:** C:\ClaudeTools\Logs\Transcripts\
- **SSH Key (sysadmin account):**
- **Key Type:** ED25519
- **Fingerprint:** SHA256:JsiEDAJ/fD19d6W7B5iuV78f8dLKZbLTrMor7b9CXSQ
- **Public Key:** ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHpk0bdronDasfx5RYjky4N4xIeUJF5xIJdX08rb3+Ui sysadmin@AD2-automation
- **Private Key Location:** C:\Users\sysadmin\.ssh\id_ed25519
- **WinRM Configuration:**
- **TrustedHosts:** 172.16.*,192.168.*,10.* (LAN/VPN access)
- **Listener:** HTTP on port 5985
- **Transcript Logging:** Enabled (all remote sessions logged)
- **Module Logging:** Enabled
- **Script Block Logging:** Enabled
- **Connection Method (SMB Share):**
```powershell
$pass = ConvertTo-SecureString 'Paper123!@#' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential('INTRANET\sysadmin', $pass)
New-PSDrive -Name Z -PSProvider FileSystem -Root '\\192.168.0.6\C$' -Credential $cred
# Access: Z:\Shares\test\
```
- **Connection Method (WinRM - Admin):**
```powershell
$password = ConvertTo-SecureString 'Paper123!@#' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential('INTRANET\sysadmin', $password)
Enter-PSSession -ComputerName 192.168.0.6 -Credential $cred
```
- **Connection Method (WinRM - Read-Only):**
```powershell
$password = ConvertTo-SecureString 'vG!UCAD>=#gIk}1A3=:{+DV3' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential('INTRANET\ClaudeTools-ReadOnly', $password)
Enter-PSSession -ComputerName 192.168.0.6 -Credential $cred
```
- **Connection Method (SSH):**
```bash
ssh INTRANET\\sysadmin@192.168.0.6
# Password: Paper123!@#
# Or with key: ssh -i path/to/id_ed25519 INTRANET\\sysadmin@192.168.0.6
```
- **Software Update Locations:**
- Common (all machines): C:\Shares\test\COMMON\ProdSW\ and C:\Shares\test\_COMMON\ProdSW\
- Station-specific: C:\Shares\test\TS-XX\ProdSW\
- System files: C:\Shares\test\COMMON\DOS\
- **Notes:**
- SMB1 disabled for security (after crypto attack)
- Sync mechanism moved from NAS to AD2 due to WINS crashes
- Files sync to NAS within 15 minutes after placement
- DOS machines pull from NAS (not directly from AD2)
### AD1 (Primary Domain Controller - 192.168.0.27)
- **IP:** 192.168.0.27
- **Hostname:** AD1.intranet.dataforth.com
- **User:** INTRANET\sysadmin
- **Password:** Paper123!@#
- **Role:** Primary DC, NPS/RADIUS server
- **NPS Ports:** 1812/1813 (auth/accounting)
- **Services:**
- Active Directory Domain Controller (Primary)
- NPS/RADIUS Server
- **Access Methods:** RDP, WinRM
### D2TESTNAS (SMB1 Proxy - 192.168.0.9)
- **Host:** 192.168.0.9
- **NetBIOS Name:** D2TESTNAS
- **MAC:** 28:C6:8E:34:4B:5E / 5F
- **HTTP:** http://192.168.0.9/
- **User (Web):** admin
- **Password (Web):** Paper123!@#-nas
- **SSH User:** root
- **SSH Auth:** ed25519 key (passwordless) + password: Paper123!@#-nas
- **SSH Key:** ed25519 from ~/.ssh/id_ed25519 (WSL)
- **Role:** SMB1 proxy/bridge for DOS 6.22 machines
- **OS:** Netgear ReadyNAS RN10400 (Linux NAS appliance)
- **Share:** \\D2TESTNAS\test (maps to /data/test)
- **Shares:**
- \\D2TESTNAS\test (guest writable, maps to T:)
- \\D2TESTNAS\datasheets (guest writable, maps to X:)
- **Services:**
- SMB1 server (for DOS machine compatibility - CORE protocol)
- SSH server (Port 22)
- WINS Server: Enabled (192.168.0.9)
- **SMB Configuration:**
- Protocol: CORE (oldest, for DOS compatibility)
- Workgroup: INTRANET
- WINS support: yes
- Null passwords: enabled
- Guest access: enabled
- **SMB Users:** ts-1 through ts-50 (NULL passwords - smbpasswd -n ts-XX)
- **Engineer Access:** engineer / Engineer1!
- **Notes:**
- Bridges DOS machines (SMB1) with AD2 (SMB3)
- Previous sync location (moved to AD2)
- Network path: /data/test/
- Sync credentials in /root/.ad2creds
### Dataforth DOS Machines (TS-XX)
- **Network:** 192.168.0.0/24
- **OS:** MS-DOS 6.22
- **Count:** ~30 machines for QC testing
- **Naming:** TS-01 through TS-30
- **Network Share:** T: drive (maps to \\D2TESTNAS\test)
- **Machine Variable:** %MACHINE% (set in AUTOEXEC.BAT from C:\NET\SYSTEM.INI)
- **Backup Location:** T:\%MACHINE%\BACKUP\
- **Update Path:** T:\COMMON\
- **Credentials:** None (local DOS machines)
- **Network Drives:**
  - T: = \\D2TESTNAS\test
  - X: = \\D2TESTNAS\datasheets
- **Boot Sequence:**
  1. C:\AUTOEXEC.BAT
  2. C:\STARTNET.BAT (mount drives)
  3. T:\TS-XX\NWTOC.BAT (download updates)
  4. C:\ATE\MENU.BAT (test menu)
- **Central Management:** T:\UPDATE.BAT (v2.0)
  - Commands: STATUS, UPDATE, DOS
  - Auto-detection from C:\NET\SYSTEM.INI
- **Machines Tested Working:**
  - TS-27: Working, full config copied
  - TS-8L: Working, 717 logs + 2966 reports moved
  - TS-8R: Working, 821 logs + 3780 reports moved
- **Notes:**
  - SMB1 protocol required
  - DOS 6.22 limitations: no %COMPUTERNAME%, no IF /I
  - Network stack: MS Client 3.0, Netware VLM client
  - Update workflow: AD2 → D2TESTNAS → DOS machines
  - Startup sequence: AUTOEXEC.BAT → STARTNET.BAT → MENUX.EXE
  - MENUX menu provides test module selection interface
  - Test Equipment: Keithley 2010, Fluke 8842A, HP 33220A, KEPCO DPS, BK Precision 1651A, Rigol MSO2102A
### UDM (UniFi Dream Machine - 192.168.0.254)
- **Service:** Gateway/firewall
- **IP:** 192.168.0.254
- **SSH User:** root
- **SSH Password:** Paper123!@#-unifi
- **SSH Key:** claude-code key added
- **Web User:** azcomputerguru
- **Web Password:** Paper123!@#-unifi
- **2FA:** Push notification enabled
- **Role:** Gateway/firewall, OpenVPN server
- **OpenVPN:** 192.168.6.0/24 network
- **Isolated Network:** 172.16.0.0/22 (Dataforth internal)
- **MongoDB:** 127.0.0.1:27117/ace (UniFi controller)
- **Access Methods:** SSH, Web (2FA)
- **Notes:**
- OpenVPN access requires iptables rules for Dataforth network access
- WINS configured in DHCP pointing to D2TESTNAS (192.168.0.9)
- DNS servers: 192.168.0.27, 192.168.0.6, 192.168.1.254
### AD2-NAS Sync System
- **Script:** C:\Shares\test\scripts\Sync-FromNAS.ps1
- **Runs:** Every 15 minutes (Windows Scheduled Task)
- **User:** INTRANET\sysadmin
- **Direction:** Bidirectional
- **Tools:** PuTTY (plink.exe, pscp.exe)
- **Log:** C:\Shares\test\scripts\sync-from-nas.log
- **Status:** C:\Shares\test\_SYNC_STATUS.txt (monitored by DattoRMM)
- **Last Verified:** 2026-01-15 (running successfully)
- **PULL (NAS → AD2):**
  - Test results: /data/test/TS-XX/LOGS/*.DAT → C:\Shares\test\TS-XX\LOGS\
  - Reports: /data/test/TS-XX/Reports/*.TXT → C:\Shares\test\TS-XX\Reports\
  - Files deleted from NAS after successful sync
  - DAT files imported to database automatically
- **PUSH (AD2 → NAS):**
  - Common updates: C:\Shares\test\COMMON\ProdSW\ → /data/test/COMMON/ProdSW/
  - Station updates: C:\Shares\test\TS-XX\ProdSW\ → /data/test/TS-XX/ProdSW/
  - Root utility: C:\Shares\test\UPDATE.BAT → /data/test/UPDATE.BAT
  - One-shot tasks: C:\Shares\test\TS-XX\TODO.BAT → /data/test/TS-XX/TODO.BAT
- **Notes:**
  - Moved from NAS to AD2 in January 2026
  - Reason: WINS crashes and SSH lockups on NAS
  - NAS script (/root/sync-to-ad2.sh) is DEPRECATED
  - UPDATE.BAT sync added 2026-01-15
---
## Services - Web Applications
### Gitea (Git Server)
- **URL:** https://git.azcomputerguru.com/
- **Web Port:** 3000
- **SSH:** ssh://git@172.16.3.20:2222 OR ssh://git@git.azcomputerguru.com:2222
- **Username:** azcomputerguru
- **Email:** mike@azcomputerguru.com
- **Password:** Gptf*77ttb123!@#-git OR Window123!@#-git
- **SSH Key:** claude-code (ed25519) - CONFIGURED AND WORKING
- **SSH Fingerprint:** SHA256:E+dhx8dYK+pWyqFUcAVAeJtaQEI3cOiIs7eac1w3Dnk
- **API Token:** 9b1da4b79a38ef782268341d25a4b6880572063f
- **Repository:** azcomputerguru/ClaudeTools, azcomputerguru/claude-projects
- **Role:** Source code version control, project sync
- **Docker Container:** gitea (on Jupiter server)
- **Notes:**
- Web login: azcomputerguru / Gptf*77ttb123!@#-git
- SSH access: `ssh -T -p 2222 git@172.16.3.20` (verified working 2026-01-19)
- Git remote: `ssh://git@172.16.3.20:2222/azcomputerguru/ClaudeTools.git`
- Password reset: `docker exec -u git gitea gitea admin user change-password --username azcomputerguru --password 'NEW_PASSWORD'`
- SSH key added: 2026-01-19 15:09 (claude-code)
### NPM (Nginx Proxy Manager)
- **Admin URL:** http://172.16.3.20:7818
- **HTTP Port:** 1880
- **HTTPS Port:** 18443
- **User:** mike@azcomputerguru.com OR admin@azcomputerguru.com
- **Password:** r3tr0gradE99! OR Window123!@#
- **Cloudflare API Token:** U1UTbBOWA4a69eWEBiqIbYh0etCGzrpTU4XaKp7w
- **Database:** SQLite at /mnt/user/appdata/npm/database.sqlite
- **Container:** npm on Jupiter
- **Proxy Hosts:**
- ID 1: emby.azcomputerguru.com → 172.16.2.99:8096 (SSL: npm-1)
- ID 2: git.azcomputerguru.com → 172.16.3.20:3000 (SSL: npm-2)
- ID 4: plexrequest.azcomputerguru.com → 172.16.3.31:5055 (SSL: npm-4)
- ID 5: rmm-api.azcomputerguru.com → 172.16.3.20:3001 (SSL: npm-6)
- unifi.azcomputerguru.com → 172.16.3.28:8443 (SSL: npm-5)
- ID 8: sync.azcomputerguru.com → 172.16.3.20:8082 (SSL: npm-8)
### ClaudeTools API (Production)
- **URL:** http://172.16.3.30:8001
- **Docs:** http://172.16.3.30:8001/api/docs
- **Database:** 172.16.3.30:3306/claudetools
- **Auth:** JWT tokens (POST /api/auth/token)
- **Test User:**
- Email: test@example.com
- Password: testpassword123
- **Role:** Primary MSP work tracking API
- **Endpoints:** 95+ endpoints across 17 entities
- **Notes:** Systemd service, auto-starts on boot
### Seafile Pro (File Sync)
- **URL:** https://sync.azcomputerguru.com
- **Internal:** 172.16.3.20:8082
- **Admin Email:** mike@azcomputerguru.com
- **Admin Password:** r3tr0gradE99#
- **Database User:** seafile
- **Database Password:** 64f2db5e-6831-48ed-a243-d4066fe428f9
- **Database Root:** db_dev
- **Databases:** ccnet_db, seafile_db, seahub_db
- **Containers:** seafile, seafile-mysql, seafile-memcached, seafile-elasticsearch
- **Docker Compose:** /mnt/user0/SeaFile/DockerCompose/docker-compose.yml
- **Data Path:** /mnt/user0/SeaFile/seafile-data/
- **Storage:** 11.8TB
- **Location:** Jupiter (migrated from Saturn 2025-12-27)
- **Elasticsearch:** 7.17.26 (upgraded for kernel 6.12 compatibility)
- **Microsoft Graph API (Email):**
- Tenant ID: ce61461e-81a0-4c84-bb4a-7b354a9a356d
- Client ID: 15b0fafb-ab51-4cc9-adc7-f6334c805c22
- Client Secret: rRN8Q~FPfSL8O24iZthi_LVJTjGOCZG.DnxGHaSk
- Sender Email: noreply@azcomputerguru.com
- Usage: Seafile email notifications via Graph API
### Cloudflare
- **Service:** DNS and CDN
- **API Token (Full DNS):** DRRGkHS33pxAUjQfRDzDeVPtt6wwUU6FwtXqOzNj
- **API Token (Legacy/Limited):** U1UTbBOWA4a69eWEBiqIbYh0etCGzrpTU4XaKp7w
- **Permissions:** Zone:Read, Zone:Edit, DNS:Read, DNS:Edit
- **Used for:** DNS management, WHM plugin, cf-dns CLI
- **Domain:** azcomputerguru.com
- **Notes:** New full-access token added 2025-12-19
- **Access Methods:** API
---
## Projects - ClaudeTools
### Database (MariaDB)
- **Host:** 172.16.3.30
- **Port:** 3306
- **Database:** claudetools
- **User:** claudetools
- **Password:** CT_e8fcd5a3952030a79ed6debae6c954ed
- **Connection String:**
```
mysql+pymysql://claudetools:CT_e8fcd5a3952030a79ed6debae6c954ed@172.16.3.30:3306/claudetools?charset=utf8mb4
```
- **Tables:** 38 tables (fully migrated)
- **Encryption:** AES-256-GCM for credentials table
- **Backup:** Daily automated backups
### Encryption Keys
- **Method:** AES-256-GCM (Fernet)
- **Key:** 319134ddb79fa44a6751b383cb0a7940da0de0818bd6bbb1a9c20a6a87d2d30c
- **File Location:** C:\Users\MikeSwanson\claude-projects\shared-data\.encryption-key
- **Generated:** 2026-01-15
- **Key Storage:** Environment variable ENCRYPTION_KEY
- **Usage:** Credentials table password encryption, AES-256-GCM encryption for credentials in database
- **Warning:** DO NOT COMMIT TO GIT
- **Notes:** Never commit encryption key to git
### API Authentication
- **Method:** JWT tokens
- **Password Hashing:** Argon2
- **Token Endpoint:** POST /api/auth/token
- **Token Format:** Bearer token in Authorization header
- **JWT Secret:** NdwgH6jsGR1WfPdUwR3u9i1NwNx3QthhLHBsRCfFxcg=
- **Example:**
```bash
curl -X POST http://172.16.3.30:8001/api/auth/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "username=test@example.com&password=testpassword123"
```
---
## Projects - GuruRMM
### Dashboard/API Login
- **Service:** GuruRMM dashboard login
- **Email:** admin@azcomputerguru.com
- **Password:** GuruRMM2025
- **Role:** admin
- **Access Methods:** Web
### Database (PostgreSQL)
- **Service:** GuruRMM database
- **Host:** gururmm-db container (172.16.3.20) OR 172.16.3.30 (build server)
- **Port:** 5432 (default)
- **Database:** gururmm
- **User:** gururmm
- **Password:** 43617ebf7eb242e814ca9988cc4df5ad
- **Connection:** postgres://gururmm:43617ebf7eb242e814ca9988cc4df5ad@172.16.3.30:5432/gururmm
- **Access Methods:** PostgreSQL protocol
### API Server
- **External URL:** https://rmm-api.azcomputerguru.com
- **Internal URL:** http://172.16.3.20:3001 OR http://172.16.3.30:3001
- **JWT Secret:** ZNzGxghru2XUdBVlaf2G2L1YUBVcl5xH0lr/Gpf/QmE=
- **Access Methods:** HTTPS, HTTP (internal)
### Microsoft Entra ID (SSO)
- **Service:** GuruRMM SSO via Entra
- **App Name:** GuruRMM Dashboard
- **App ID (Client ID):** 18a15f5d-7ab8-46f4-8566-d7b5436b84b6
- **Object ID:** 34c80aa8-385a-4bea-af85-f8bf67decc8f
- **Client Secret:** gOz8Q~J.oz7KnUIEpzmHOyJ6GEzYNecGRl-Pbc9w
- **Secret Expires:** 2026-12-21
- **Sign-in Audience:** Multi-tenant (any Azure AD org)
- **Redirect URIs:** https://rmm.azcomputerguru.com/auth/callback, http://localhost:5173/auth/callback
- **API Permissions:** openid, email, profile
- **Created:** 2025-12-21
- **Access Methods:** OAuth 2.0
### CI/CD (Build Automation)
- **Webhook URL:** http://172.16.3.30/webhook/build
- **Webhook Secret:** gururmm-build-secret
- **Build Script:** /opt/gururmm/build-agents.sh
- **Build Log:** /var/log/gururmm-build.log
- **Gitea Webhook ID:** 1
- **Trigger:** Push to main branch
- **Builds:** Linux (x86_64) and Windows (x86_64) agents
- **Deploy Path:** /var/www/gururmm/downloads/
- **GuruConnect Static Files:** /home/guru/guru-connect/server/static/
- **GuruConnect Binary:** /home/guru/guru-connect/target/release/guruconnect-server
- **Access Methods:** Webhook
### Build Server SSH Key (for Gitea)
- **Key Name:** gururmm-build-server
- **Key Type:** ssh-ed25519
- **Public Key:** AAAAC3NzaC1lZDI1NTE5AAAAIKSqf2/phEXUK8vd5GhMIDTEGSk0LvYk92sRdNiRrjKi guru@gururmm-build
- **Added to:** Gitea (azcomputerguru account)
- **Access Methods:** SSH key authentication
### Clients & Sites
#### Glaztech Industries (GLAZ)
- **Client ID:** d857708c-5713-4ee5-a314-679f86d2f9f9
- **Site:** SLC - Salt Lake City
- **Site ID:** 290bd2ea-4af5-49c6-8863-c6d58c5a55de
- **Site Code:** DARK-GROVE-7839
- **API Key:** grmm_Qw64eawPBjnMdwN5UmDGWoPlqwvjM7lI
- **Created:** 2025-12-18
- **Access Methods:** API
#### AZ Computer Guru (Internal)
- **Site Code:** SWIFT-CLOUD-6910
---
## Projects - GuruConnect
### Database (PostgreSQL on build server)
- **Service:** GuruConnect database
- **Host:** localhost (172.16.3.30)
- **Port:** 5432
- **Database:** guruconnect
- **User:** guruconnect
- **Password:** gc_a7f82d1e4b9c3f60
- **DATABASE_URL:** postgres://guruconnect:gc_a7f82d1e4b9c3f60@localhost:5432/guruconnect
- **Created:** 2025-12-28
- **Access Methods:** PostgreSQL protocol
---
## Projects - Dataforth DOS
### Update Workflow
- **Admin Deposits:** \\AD2\test\COMMON\ (on AD2)
- **Sync Mechanism:** AD2 scheduled task (C:\Shares\test\scripts\Sync-FromNAS.ps1)
- **DOS Pull:** T:\COMMON\ (from D2TESTNAS)
- **Backup Target:** T:\%MACHINE%\BACKUP\
### Key Files
- **UPDATE.BAT:** Machine backup utility (runs on DOS) - v2.0 on T:\UPDATE.BAT
- **NWTOC.BAT:** Network to Computer updates
- **CTONW.BAT:** Computer to Network uploads
- **STAGE.BAT:** System file staging for reboot
- **REBOOT.BAT:** Auto-generated, applies staged updates
- **AUTOEXEC.BAT:** DOS startup, sets %MACHINE% variable
- **CONFIG.SYS:** DOS system configuration
- **STARTNET.BAT:** Network stack initialization
### Folder Structure
```
\\AD2\test\
├── COMMON\           # Shared updates for all machines
│   ├── DOS\          # System files (AUTOEXEC.NEW, CONFIG.NEW)
│   ├── ProdSW\       # Production software updates
│   └── NewSW\        # New software distributions
└── TS-XX\            # Individual machine folders
    └── Backup\       # Machine-specific backups
```
---
## Client - MVAN Inc
### Microsoft 365 Tenant 1
- **Service:** M365 tenant
- **Tenant:** mvan.onmicrosoft.com
- **Admin User:** sysadmin@mvaninc.com
- **Password:** r3tr0gradE99#
- **Notes:** Global admin, project to merge/trust with T2
- **Access Methods:** Web (M365 portal)
---
## Client - BG Builders LLC
### Microsoft 365 Tenant
- **Service:** M365 tenant
- **Tenant:** bgbuildersllc.com
- **CIPP Name:** sonorangreenllc.com
- **Tenant ID:** ededa4fb-f6eb-4398-851d-5eb3e11fab27
- **onmicrosoft.com:** sonorangreenllc.onmicrosoft.com
- **Admin User:** sysadmin@bgbuildersllc.com
- **Password:** Window123!@#-bgb
- **Added:** 2025-12-19
- **Licenses:**
- 8x Microsoft 365 Business Standard
- 4x Exchange Online Plan 1
- 1x Microsoft 365 Basic
- **Security Gap:** No advanced security features (no conditional access, Intune, or Defender)
- **Recommendation:** Upgrade to Business Premium
- **Access Methods:** Web (M365 portal)
### Email Security (Configured 2025-12-19)
| Record | Status | Details |
|--------|--------|---------|
| SPF | ✅ | `v=spf1 include:spf.protection.outlook.com -all` |
| DMARC | ✅ | `v=DMARC1; p=reject; rua=mailto:sysadmin@bgbuildersllc.com` |
| DKIM selector1 | ✅ | CNAME to selector1-bgbuildersllc-com._domainkey.sonorangreenllc.onmicrosoft.com |
| DKIM selector2 | ✅ | CNAME to selector2-bgbuildersllc-com._domainkey.sonorangreenllc.onmicrosoft.com |
| MX | ✅ | bgbuildersllc-com.mail.protection.outlook.com |
### Security Investigation (2025-12-22) - RESOLVED
- **Compromised User:** Shelly@bgbuildersllc.com (Shelly Dooley)
- **Symptoms:** Suspicious sent items reported by user
- **Findings:**
- Gmail OAuth app with EAS.AccessAsUser.All (REMOVED)
- "P2P Server" app registration backdoor (DELETED by admin)
- No malicious mailbox rules or forwarding
- Sign-in logs unavailable (no Entra P1 license)
- **Remediation:**
- Password reset: `5ecwyHv6&dP7` (must change on login)
- All sessions revoked
- Gmail OAuth consent removed
- P2P Server backdoor deleted
- **Status:** RESOLVED
### Cloudflare
- **Zone ID:** 156b997e3f7113ddbd9145f04aadb2df
- **Nameservers:** amir.ns.cloudflare.com, mckinley.ns.cloudflare.com
- **A Records:** 3.33.130.190, 15.197.148.33 (proxied) - GoDaddy Website Builder
---
## Client - Sonoran Green LLC
### Status
**Active** - Related entity to BG Builders LLC (same M365 tenant)
### Company Information
- **Domain:** sonorangreenllc.com
- **Primary Entity:** BG Builders LLC
### Microsoft 365
- **Tenant:** Shared with BG Builders LLC (ededa4fb-f6eb-4398-851d-5eb3e11fab27)
- **onmicrosoft.com:** sonorangreenllc.onmicrosoft.com
### DNS Configuration
#### Current Status
- **Nameservers:** Still on GoDaddy (not migrated to Cloudflare)
- **A Record:** 172.16.10.200 (private IP - problematic)
- **Email Records:** Properly configured for M365
#### Needed Records (Not Yet Applied)
- DMARC: `v=DMARC1; p=reject; rua=mailto:sysadmin@bgbuildersllc.com`
- DKIM selector1: CNAME to selector1-sonorangreenllc-com._domainkey.sonorangreenllc.onmicrosoft.com
- DKIM selector2: CNAME to selector2-sonorangreenllc-com._domainkey.sonorangreenllc.onmicrosoft.com
---
## Client - CW Concrete LLC
### Microsoft 365 Tenant
- **Service:** M365 tenant
- **Tenant:** cwconcretellc.com
- **CIPP Name:** cwconcretellc.com
- **Tenant ID:** dfee2224-93cd-4291-9b09-6c6ce9bb8711
- **Default Domain:** NETORGFT11452752.onmicrosoft.com
- **Notes:** De-federated from GoDaddy 2025-12, domain needs re-verification
- **Licenses:**
- 2x Microsoft 365 Business Standard
- 2x Exchange Online Essentials
- **Security Gap:** No advanced security features
- **Recommendation:** Upgrade to Business Premium for Intune, conditional access, Defender
- **Access Methods:** Web (M365 portal)
### Security Investigation (2025-12-22) - RESOLVED
- **Findings:**
- Graph Command Line Tools OAuth consent with high privileges (REMOVED)
- "test" backdoor app registration with multi-tenant access (DELETED)
- Apple Internet Accounts OAuth (left - likely iOS device)
- No malicious mailbox rules or forwarding
- **Remediation:**
- All sessions revoked for all 4 users
- Backdoor apps removed
- **Status:** RESOLVED
---
## Client - Dataforth
### Network
- **Subnet:** 192.168.0.0/24
- **Domain:** INTRANET (intranet.dataforth.com)
### Microsoft 365
#### Tenant Information
- **Tenant ID:** 7dfa3ce8-c496-4b51-ab8d-bd3dcd78b584
- **Admin:** sysadmin@dataforth.com / Paper123!@# (synced with AD)
#### Entra App Registration (Claude-Code-M365)
- **Purpose:** Silent Graph API access for automation
- **App ID:** 7a8c0b2e-57fb-4d79-9b5a-4b88d21b1f29
- **Client Secret:** tXo8Q~ZNG9zoBpbK9HwJTkzx.YEigZ9AynoSrca3
- **Created:** 2025-12-22
- **Expires:** 2027-12-22
- **Permissions:** Calendars.ReadWrite, Contacts.ReadWrite, User.ReadWrite.All, Mail.ReadWrite, Directory.ReadWrite.All, Group.ReadWrite.All, Sites.ReadWrite.All, Files.ReadWrite.All, Reports.Read.All, AuditLog.Read.All, Application.ReadWrite.All, Device.ReadWrite.All, SecurityEvents.Read.All, IdentityRiskEvent.Read.All, Policy.Read.All, RoleManagement.ReadWrite.Directory
### NPS RADIUS Configuration
- **Server:** 192.168.0.27 (AD1)
- **Port:** 1812/UDP (auth), 1813/UDP (accounting)
- **Shared Secret:** Gptf*77ttb!@#!@#
- **RADIUS Client:** unifi (192.168.0.254)
- **Network Policy:** Unifi - allows Domain Users 24/7
- **Auth Methods:** All (PAP, CHAP, MS-CHAP, MS-CHAPv2, EAP)
- **AuthAttributeRequired:** False (required for UniFi OpenVPN)
### OpenVPN Routes (Split Tunnel)
- 192.168.0.0/24
- 192.168.1.0/24
- 192.168.4.0/24
- 192.168.100.0/24
- 192.168.200.0/24
- 192.168.201.0/24
---
## Client - Valley Wide Plastering (VWP)
### Network
- **Subnet:** 172.16.9.0/24
### UDM (UniFi Dream Machine)
- **IP:** 172.16.9.1
- **SSH User:** root
- **SSH Password:** Gptf*77ttb123!@#-vwp
- **Role:** Gateway/firewall, VPN server, RADIUS client
- **Access Methods:** SSH, Web
### VWP-DC1 (Domain Controller)
- **IP:** 172.16.9.2
- **Hostname:** VWP-DC1.VWP.US
- **Domain:** VWP.US (NetBIOS: VWP)
- **SSH:** sysadmin / r3tr0gradE99#
- **Role:** Primary DC, NPS/RADIUS server
- **Added:** 2025-12-22
- **Access Methods:** RDP, WinRM
### NPS RADIUS Configuration
- **RADIUS Server:** 172.16.9.2
- **RADIUS Ports:** 1812 (auth), 1813 (accounting)
- **Clients:** UDM (172.16.9.1), VWP-Subnet (172.16.9.0/24)
- **Shared Secret:** Gptf*77ttb123!@#-radius
- **Policy:** "VPN-Access" - allows all authenticated users (24/7)
- **Auth Methods:** All (PAP, CHAP, MS-CHAP, MS-CHAPv2, EAP)
- **User Dial-in:** All VWP_Users set to Allow
- **AuthAttributeRequired:** Disabled on clients
- **Tested:** 2025-12-22, user cguerrero authenticated successfully
- **Access Methods:** RADIUS protocol
- **AD Structure:**
  - Users OU: OU=VWP_Users,DC=VWP,DC=US
  - Users with VPN Access (27 total): Darv, marreola, farias, smontigo, truiz, Tcapio, bgraffin, cguerrero, tsmith, tfetters, owner, cougar, Receptionist, Isacc, Traci, Payroll, Estimating, ARBilling, orders2, guru, sdooley, jguerrero, kshoemaker, rose, rguerrero, jrguerrero, Acctpay
---
## Client - Khalsa
### Network
- **Subnet:** 172.16.50.0/24
### UCG (UniFi Cloud Gateway)
- **IP:** 172.16.50.1
- **SSH User:** azcomputerguru
- **SSH Password:** Paper123!@#-camden (reset 2025-12-22)
- **Notes:** Gateway/firewall, VPN server, SSH key added but not working
- **Access Methods:** SSH, Web
### Switch
- **User:** 8WfY8
- **Password:** tI3evTNBZMlnngtBc
- **Access Methods:** Web
### Accountant Machine
- **IP:** 172.16.50.168
- **User:** accountant
- **Password:** Paper123!@#-accountant
- **Local Admin:** localadmin / r3tr0gradE99!
- **Added:** 2025-12-22
- **Notes:** VPN routing issue, RDP enabled
- **Access Methods:** RDP
---
## Client - Scileppi Law Firm
### DS214se (Source NAS - Migration Source - POWERED OFF)
- **Service:** Legacy NAS (source)
- **IP:** 172.16.1.54
- **SSH User:** admin
- **Password:** Th1nk3r^99
- **Storage:** 1.8TB (1.6TB used)
- **Data:** User home folders (admin, Andrew Ross, Chris Scileppi, Samantha Nunez, etc.)
- **Status:** Powered off after migration 2025-12-27
- **Access Methods:** SSH, Web
### Unraid (Source - Migration - POWERED OFF)
- **Service:** Legacy Unraid (source)
- **IP:** 172.16.1.21
- **SSH User:** root
- **Password:** Th1nk3r^99
- **Role:** Data source for migration to RS2212+
- **Data:** /mnt/user/Scileppi (5.2TB)
  - Active: 1.4TB
  - Archived: 451GB
  - Billing: 17MB
  - Closed: 3.0TB
- **Status:** Powered off after migration 2025-12-27
- **Access Methods:** SSH, Web
### RS2212+ (Destination NAS)
- **Service:** Primary NAS (destination)
- **IP:** 172.16.1.59
- **Hostname:** SL-SERVER
- **SSH User:** sysadmin
- **Password:** Gptf*77ttb123!@#-sl-server
- **SSH Key:** claude-code@localadmin added to authorized_keys
- **Storage:** 25TB total, 6.9TB used (28%)
- **Data Share:** /volume1/Data (7.9TB - Active, Closed, Archived, Billing, MOTIONS BANK)
- **Notes:** Migration and consolidation complete 2025-12-29
- **Access Methods:** SSH (key + password), Web, SMB
### RS2212+ User Accounts (Created 2025-12-29)
| Username | Full Name | Password | Notes |
|----------|-----------|----------|-------|
| chris | Chris Scileppi | Scileppi2025! | Owner |
| andrew | Andrew Ross | Scileppi2025! | Staff |
| sylvia | Sylvia | Scileppi2025! | Staff |
| rose | Rose | Scileppi2025! | Staff |
| (TBD) | 5th user | - | Name pending |
### Migration/Consolidation Status - COMPLETE
- **Completed:** 2025-12-29
- **Final Structure:**
  - Active: 2.5TB (merged Unraid + DS214se Open Cases)
  - Closed: 4.9TB (merged Unraid + DS214se Closed Cases)
  - Archived: 451GB
  - MOTIONS BANK: 21MB
  - Billing: 17MB
- **Recycle Bin:** Emptied (recovered 413GB)
- **Permissions:** Group "users" with 775 on /volume1/Data
---
## Client - heieck.org
### Microsoft 365 Migration
- **Microsoft 365 Tenant:** heieckorg.onmicrosoft.com
- **Admin User:** sysadmin@heieck.org
- **Mailboxes:**
  - sheila@heieck.org (0.66 GB, 10,490 items)
  - jjh@heieck.org (2.39 GB, 31,463 items)
- Passwords: Gptf*77ttb## (Exchange)
### Azure Storage (PST Import)
- **Storage Account:** heieckimport
- **Resource Group:** heieckimport_group
- **Location:** East US
- **Container:** pstimport
- **SAS Token:** (expired 2026-01-22)
- **Uploaded Files:** sheila.pst, jjh.pst (3.05 GB total)
### DNS Configuration (IX Server)
**heieck.org zone:**
- MX: 0 heieck-org.mail.protection.outlook.com
- TXT (SPF): v=spf1 include:spf.protection.outlook.com -all
- TXT (Verification): MS=ms31330906
- CNAME (autodiscover): autodiscover.outlook.com
---
## Client Sites - WHM/cPanel
### IX Server (ix.azcomputerguru.com)
- **Service:** cPanel/WHM hosting server
- **SSH Host:** ix.azcomputerguru.com
- **Internal IP:** 172.16.3.10 (VPN required)
- **SSH User:** root
- **SSH Password:** Gptf*77ttb!@#!@#
- **SSH Key:** guru@wsl key added to authorized_keys
- **Role:** cPanel/WHM server hosting client sites
- **Access Methods:** SSH, cPanel/WHM web
### data.grabbanddurando.com
- **Service:** Client website (Grabb & Durando Law)
- **Server:** IX (ix.azcomputerguru.com)
- **cPanel Account:** grabblaw
- **Site Path:** /home/grabblaw/public_html/data_grabbanddurando
- **Site Admin User:** admin
- **Site Admin Password:** GND-Paper123!@#-datasite
- **Database:** grabblaw_gdapp_data
- **DB User:** grabblaw_gddata
- **DB Password:** GrabbData2025
- **Config File:** /home/grabblaw/public_html/data_grabbanddurando/connection.php
- **Backups:** /home/grabblaw/public_html/data_grabbanddurando/backups_mariadb_fix/
- **Access Methods:** Web (admin), MySQL, SSH (via IX root)
---
## MSP Tools
### Syncro (PSA/RMM) - AZ Computer Guru
- **Service:** PSA/RMM platform
- **API Key:** T259810e5c9917386b-52c2aeea7cdb5ff41c6685a73cebbeb3
- **Subdomain:** computerguru
- **API Base URL:** https://computerguru.syncromsp.com/api/v1
- **API Docs:** https://api-docs.syncromsp.com/
- **Account:** AZ Computer Guru MSP
- **Added:** 2025-12-18
- **Customers:** 5,064 (29 duplicates found)
- **Access Methods:** API
### Autotask (PSA) - AZ Computer Guru
- **Service:** PSA platform
- **API Username:** dguyqap2nucge6r@azcomputerguru.com
- **API Password:** z*6G4fT#oM~8@9Hxy$2Y7K$ma
- **API Integration Code:** HYTYYZ6LA5HB5XK7IGNA7OAHQLH
- **Integration Name:** ClaudeAPI
- **API Zone:** webservices5.autotask.net
- **API Docs:** https://autotask.net/help/developerhelp/Content/APIs/REST/REST_API_Home.htm
- **Account:** AZ Computer Guru MSP
- **Added:** 2025-12-18
- **Notes:** New API user "Claude API"
- **Companies:** 5,499 (19 exact duplicates, 30+ near-duplicates)
- **Access Methods:** REST API
### CIPP (CyberDrain Improved Partner Portal)
- **Service:** M365 management portal
- **URL:** https://cippcanvb.azurewebsites.net
- **Tenant ID:** ce61461e-81a0-4c84-bb4a-7b354a9a356d
- **API Client Name:** ClaudeCipp2 (working)
- **App ID (Client ID):** 420cb849-542d-4374-9cb2-3d8ae0e1835b
- **Client Secret:** MOn8Q~otmxJPLvmL~_aCVTV8Va4t4~SrYrukGbJT
- **Scope:** api://420cb849-542d-4374-9cb2-3d8ae0e1835b/.default
- **CIPP-SAM App ID:** 91b9102d-bafd-43f8-b17a-f99479149b07
- **IP Range:** 0.0.0.0/0 (all IPs allowed)
- **Auth Method:** OAuth 2.0 Client Credentials
- **Updated:** 2025-12-23
- **Notes:** Working API client
- **Access Methods:** REST API (OAuth 2.0)
#### CIPP API Usage (Bash)
```bash
# Get token
ACCESS_TOKEN=$(curl -s -X POST "https://login.microsoftonline.com/ce61461e-81a0-4c84-bb4a-7b354a9a356d/oauth2/v2.0/token" \
-d "client_id=420cb849-542d-4374-9cb2-3d8ae0e1835b" \
-d "client_secret=MOn8Q~otmxJPLvmL~_aCVTV8Va4t4~SrYrukGbJT" \
-d "scope=api://420cb849-542d-4374-9cb2-3d8ae0e1835b/.default" \
-d "grant_type=client_credentials" | python3 -c "import sys, json; print(json.load(sys.stdin).get('access_token', ''))")
# Query endpoints (use tenant domain or tenant ID as TenantFilter)
curl -s "https://cippcanvb.azurewebsites.net/api/ListLicenses?TenantFilter=sonorangreenllc.com" \
-H "Authorization: Bearer ${ACCESS_TOKEN}"
```
#### Old CIPP API Client (DO NOT USE)
- **App ID:** d545a836-7118-44f6-8852-d9dd64fb7bb9
- **Status:** Authenticated but all endpoints returned 403
### Claude-MSP-Access (Multi-Tenant Graph API)
- **Service:** Direct Graph API access for M365 investigations
- **Tenant ID:** ce61461e-81a0-4c84-bb4a-7b354a9a356d
- **App ID (Client ID):** fabb3421-8b34-484b-bc17-e46de9703418
- **Client Secret:** ~QJ8Q~NyQSs4OcGqHZyPrA2CVnq9KBfKiimntbMO
- **Secret Expires:** 2026-12 (24 months)
- **Sign-in Audience:** Multi-tenant (any Entra ID org)
- **Purpose:** Direct Graph API access for M365 investigations and remediation
- **Admin Consent URL:** https://login.microsoftonline.com/common/adminconsent?client_id=fabb3421-8b34-484b-bc17-e46de9703418&redirect_uri=https://login.microsoftonline.com/common/oauth2/nativeclient
- **Permissions:** User.ReadWrite.All, Directory.ReadWrite.All, Mail.ReadWrite, MailboxSettings.ReadWrite, AuditLog.Read.All, Application.ReadWrite.All, DelegatedPermissionGrant.ReadWrite.All, Group.ReadWrite.All, SecurityEvents.ReadWrite.All, AppRoleAssignment.ReadWrite.All, UserAuthenticationMethod.ReadWrite.All
- **Created:** 2025-12-29
- **Access Methods:** Graph API (OAuth 2.0)
#### Usage (Python)
```python
import requests
tenant_id = "CUSTOMER_TENANT_ID" # or use 'common' after consent
client_id = "fabb3421-8b34-484b-bc17-e46de9703418"
client_secret = "~QJ8Q~NyQSs4OcGqHZyPrA2CVnq9KBfKiimntbMO"
# Get token
token_resp = requests.post(
    f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token",
    data={
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
        "grant_type": "client_credentials"
    }
)
access_token = token_resp.json()["access_token"]
# Query Graph API
headers = {"Authorization": f"Bearer {access_token}"}
users = requests.get("https://graph.microsoft.com/v1.0/users", headers=headers)
```
---
## Tailscale Network
| Tailscale IP | Hostname | Owner | OS | Notes |
|--------------|----------|-------|-----|-------|
| 100.79.69.82 | pfsense-1 | mike@ | freebsd | Gateway (alternate: 100.119.153.74 pfsense-2) |
| 100.125.36.6 | acg-m-l5090 | mike@ | windows | Workstation |
| 100.92.230.111 | acg-tech-01l | mike@ | windows | Tech laptop |
| 100.96.135.117 | acg-tech-02l | mike@ | windows | Tech laptop |
| 100.113.45.7 | acg-tech03l | howard@ | windows | Tech laptop |
| 100.77.166.22 | desktop-hjfjtep | mike@ | windows | Desktop |
| 100.101.145.100 | guru-legion9 | mike@ | windows | Laptop |
| 100.119.194.51 | guru-surface8 | howard@ | windows | Surface |
| 100.66.103.110 | magus-desktop | rob@ | windows | Desktop |
| 100.66.167.120 | magus-pc | rob@ | windows | Workstation |
---
## SSH Public Keys
### guru@wsl (Windows/WSL)
- **User:** guru
- **Sudo Password:** Window123!@#-wsl
- **Key Type:** ssh-ed25519
- **Public Key:** AAAAC3NzaC1lZDI1NTE5AAAAIAWY+SdqMHJP5JOe3qpWENQZhXJA4tzI2d7ZVNAwA/1u guru@wsl
- **Usage:** WSL SSH authentication
- **Authorized on:** GuruRMM build server, IX server, Jupiter, Saturn
### azcomputerguru@local (Mac)
- **User:** azcomputerguru
- **Key Type:** ssh-ed25519
- **Public Key:** AAAAC3NzaC1lZDI1NTE5AAAAIDrGbr4EwvQ4P3ZtyZW3ZKkuDQOMbqyAQUul2+JE4K4S azcomputerguru@local
- **Usage:** Mac SSH authentication
- **Authorized on:** GuruRMM build server, IX server
### claude-code@localadmin (Windows)
- **Key Type:** ssh-ed25519
- **Public Key:** ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIABnQjolTxDtfqOwdDjamK1oyFPiQnaNT/tAgsIHH1Zo
- **Authorized On:** pfSense
---
## VPN Access
### Peaceful Spirit VPN (L2TP/IPSec)
- **Server IP:** 98.190.129.150
- **Tunnel Type:** L2TP/IPSec
- **Pre-Shared Key (PSK):** z5zkNBds2V9eIkdey09Zm6Khil3DAZs8
- **Username:** pst-admin
- **Password:** 24Hearts$
- **Connection Name:** Peaceful Spirit VPN
- **Purpose:** Remote access to Peaceful Spirit Country Club network
- **Authentication:** MS-CHAPv2 with PSK
- **Split Tunneling:** Enabled (only CC traffic uses VPN)
- **Setup Script:** D:\ClaudeTools\Create-PeacefulSpiritVPN.ps1
- **Quick Setup:** D:\ClaudeTools\VPN_QUICK_SETUP.md
**Network Configuration (UniFi Router at CC):**
- **Remote Network:** 192.168.0.0/24
- **DNS Server:** 192.168.0.2
- **Gateway:** 192.168.0.10
**Complete Setup (Run as Administrator):**
```powershell
# Step 1: Create VPN connection with split tunneling
Add-VpnConnection -Name "Peaceful Spirit VPN" -ServerAddress "98.190.129.150" -TunnelType L2tp -L2tpPsk "z5zkNBds2V9eIkdey09Zm6Khil3DAZs8" -AuthenticationMethod MsChapv2 -EncryptionLevel Required -AllUserConnection -RememberCredential -SplitTunneling $true
# Step 2: Add route for CC network (192.168.0.0/24)
Add-VpnConnectionRoute -ConnectionName "Peaceful Spirit VPN" -DestinationPrefix "192.168.0.0/24" -AllUserConnection
# Step 3: Configure DNS server
Set-DnsClientServerAddress -InterfaceAlias "Peaceful Spirit VPN" -ServerAddresses "192.168.0.2"
# Step 4: Save credentials for pre-login access
rasdial "Peaceful Spirit VPN" "pst-admin" "24Hearts$"
rasdial "Peaceful Spirit VPN" /disconnect
# Step 5: Enable pre-login VPN
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name "UseRasCredentials" -Value 1 -Type DWord
```
**Quick Connect:**
```powershell
rasdial "Peaceful Spirit VPN"
```
**Disconnect:**
```powershell
rasdial "Peaceful Spirit VPN" /disconnect
```
---
## Connection Testing
### Test Database Connection
```bash
mysql -h 172.16.3.30 -u claudetools -p claudetools
# Password: CT_e8fcd5a3952030a79ed6debae6c954ed
```
### Test API Connectivity
```bash
curl http://172.16.3.30:8001/api/health
```
### Test Gitea SSH
```bash
ssh -p 2222 git@172.16.3.20
# Should return: "Hi there! You've successfully authenticated..."
```
### Test AD2 Access (from Dataforth network)
```cmd
net use T: \\192.168.0.6\test /user:INTRANET\sysadmin Paper123!@#
```
### Test NAS Access (from Dataforth network)
```cmd
net use T: \\192.168.0.9\test
```
---
## Security Notes
- **Never commit this file to public repositories**
- **Credentials are stored unredacted for context recovery**
- **ClaudeTools encrypts credentials in database with AES-256-GCM**
- **JWT tokens expire after configured duration**
- **SSH keys required for Gitea access (ed25519)**
- **Dataforth network is isolated (192.168.0.0/24)**
- **AD2 has SMB1 disabled for security (post crypto-attack)**
- **All production credentials should be rotated regularly**
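
A commit-time check for the first two notes above, as an added example that is not part of ClaudeTools: it scans Markdown in this file's `- **Key:** value` layout, plus connection URLs and literals in code samples, and reports only the line number and field name of each clear-text secret, never the value. The field-name list, the placeholder conventions (`vault:` references, `[REDACTED]`) and the sample text are assumptions constructed for illustration.

```python
import re

# Field names that hold a secret, matched at the end of the bullet's key so that
# "Client Secret" hits but "Secret Expires" does not (assumed list, extend as needed).
SECRET_KEY = re.compile(
    r"(passwords?|secret|api key|token|psk\)?|integration code)$", re.I)
# "- **Key:** value" bullets, the layout this file uses for every credential.
FIELD = re.compile(r"^\s*-\s*\*\*(?P<key>[^*]+?):\*\*\s*(?P<value>.*)$")
# Password embedded in a connection URL: scheme://user:password@host
URL_CRED = re.compile(r"[a-z][a-z0-9+.-]*://[^\s/:@]+:(?P<v>[^\s/@]+)@", re.I)
# Literal assigned in a code sample: client_secret=..., password = "..."
ASSIGN = re.compile(
    r"\b(?:client_secret|password|api_key)\s*=\s*[\"']?(?P<v>[^\"'\s&]+)")
# Safe to commit: empty, "-", "(note)", <placeholder>, [REDACTED], vault ref, env lookup.
SAFE = re.compile(
    r"^(|-|\(.*\)|<.*>|\[REDACTED\]|vault:\S+|\$\S+|os\.(environ|getenv)\S*)$", re.I)


def find_unredacted(markdown: str):
    """Return (line_no, label) per clear-text secret; values are never returned."""
    findings = []
    for no, line in enumerate(markdown.splitlines(), start=1):
        m = FIELD.match(line)
        if m and SECRET_KEY.search(m["key"].strip()):
            # Ignore a trailing annotation such as "(reset 2025-12-22)".
            value = re.sub(r"\s+\([^()]*\)$", "", m["value"].strip())
            if not SAFE.match(value):
                findings.append((no, m["key"].strip()))
            continue
        for label, rx in (("URL credential", URL_CRED), ("code literal", ASSIGN)):
            hit = rx.search(line)
            if hit and not SAFE.match(hit["v"]):
                findings.append((no, label))
                break
    return findings


# Constructed sample in this file's layout; every value is made up.
SAMPLE = """\
- **SSH User:** root
- **SSH Password:** example-not-real (reset 2025-12-22)
- **SAS Token:** (expired 2026-01-22)
- **Client Secret:** vault:msp/graph-app
- **Secret Expires:** 2026-12 (24 months)
- **Connection:** postgres://app:example-not-real@db.example.internal:5432/app
-d "client_secret=example-not-real" \\
-d "client_secret=${CLIENT_SECRET}" \\
"""
```

Combined `user / password` values stored under other field names (an `Admin` or `Local Admin` bullet, for instance) are outside what this check covers and need their own rule.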
---
## Context Recovery Usage
When a new Claude session starts or context is lost:
1. **Read this file first** - Get all credentials and infrastructure details
2. **Check session-logs/** - Find recent work and decisions
3. **Read SESSION_STATE.md** - Get project status and phase
4. **Read .claude/claude.md** - Get project overview
This ensures full context recovery without asking the user for information that is already documented.