azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
666d06af1b2a888cf4c45c4f163e6fe87d0a737b
claudetools/credentials.md
Mike Swanson 29e2df60c5 feat: Complete DOS machine deployment verification and AD2-NAS sync infrastructure 
This checkpoint establishes verified deployment infrastructure for the Dataforth
DOS Update System with proper file synchronization and documentation.

## Key Changes

### TS-4R Backup and Analysis
- Backed up complete TS-4R machine to D:\ClaudeTools\backups\TS-4R\
- Analyzed MENUX.EXE startup menu system (758-line QuickBasic program)
- Documented complete startup sequence: AUTOEXEC.BAT → STARTNET.BAT → MENUX.EXE
- Found MENUX.BAS source code (Feb 2008 version) from KEPCO ABC software archive

### AD2-NAS Sync Infrastructure Fixes
- Created junction: COMMON → _COMMON (single source of truth for software updates)
- Verified bidirectional sync logic prevents data backflow:
  * Test data: DOS → NAS → AD2 → Database (one-way, deleted from NAS)
  * Program updates: AD2 → NAS → DOS (one-way, files remain on AD2)
- Manually deployed correct BAT file versions to NAS after sync connection issues
- Verified all 9 BAT files deployed correctly (5.1KB-8.8KB each)

### Deployment Scripts Created
- check-junction.ps1: Verify COMMON/\_COMMON junction status
- compare-common-folders.ps1: Compare folder contents
- deploy-correct-bat-files.ps1: Deploy BAT files from local to AD2
- fix-common-junction.ps1: Create COMMON → _COMMON junction
- verify-bat-deployment.ps1: Verify file versions on AD2
- manual-push-to-nas.sh: Manual BAT file deployment to NAS
- read-sync-script.ps1: Read Sync-FromNAS.ps1 from AD2
- search-menux-ad2.ps1: Search for MENUX source files

### Documentation Updates
- Updated all deployment guides with MENUX startup sequence
- Added startup flow to credentials.md and session logs
- Documented junction requirement for COMMON/\_COMMON
- Added data flow verification confirming unidirectional sync

## Technical Details

**Files Deployed to NAS (2026-01-20 09:01-09:02):**
- UPDATE.BAT (5,181 bytes) - Machine backup utility
- DEPLOY.BAT (5,579 bytes) - One-time deployment installer
- NWTOC.BAT (6,305 bytes) - Network to Computer updates
- CTONW.BAT (7,831 bytes) - Computer to Network uploads
- CTONWTXT.BAT (1,504 bytes) - Text file version
- CHECKUPD.BAT (6,495 bytes) - Check for updates
- STAGE.BAT (8,794 bytes) - Stage system files
- REBOOT.BAT (5,099 bytes) - Apply staged updates
- AUTOEXEC.BAT (2,211 bytes) - DOS startup configuration

**Sync Logic Verified:**
- PULL: /data/test/TS-*/LOGS/*.DAT copied to AD2, then deleted from NAS
- PUSH: C:\Shares\test\_COMMON\ProdSW\* copied to /data/test/COMMON/ProdSW/
- No reverse flow in either direction (test data never returns to DOS)

**Junction Created:**
- Target: C:\Shares\test\COMMON → C:\Shares\test\_COMMON
- Eliminates duplicate file maintenance
- Backup saved to C:\Shares\test\COMMON.backup

## Files Modified
- DOS_DEPLOYMENT_GUIDE.md: Added automatic startup sequence
- docs/DEPLOYMENT_GUIDE.md: Updated post-reboot expectations
- docs/ENGINEER_HOWTO_GUIDE.md: Added MENUX menu loading step
- credentials.md: Documented startup sequence and MENUX interface
- session-logs/2026-01-19-session.md: Added startup documentation

## Files Added
- 8 PowerShell deployment/verification scripts
- 3 HTML documentation exports
- TS-4R complete backup (not committed to git)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-20 16:03:00 -07:00

13 KiB
Raw Blame History

Credentials & Authorization Reference

Last Updated: 2026-01-19 Purpose: Centralized credentials for Claude Code context recovery Project: ClaudeTools MSP Work Tracking System

Infrastructure - SSH Access

GuruRMM Server (172.16.3.30)

  • Host: 172.16.3.30
  • User: guru
  • SSH Port: 22
  • Role: Production server hosting ClaudeTools database and API
  • Services:
    • MariaDB 10.6.22 (Port 3306)
    • ClaudeTools API (Port 8001)
    • Nginx reverse proxy (Port 80/443)
  • Database:
    • Database: claudetools
    • User: claudetools
    • Password: CT_e8fcd5a3952030a79ed6debae6c954ed
  • Notes: Primary ClaudeTools infrastructure, systemd service auto-starts API

Jupiter (Unraid Primary - 172.16.3.20)

  • Host: 172.16.3.20
  • User: root
  • SSH Port: 22
  • Password: Th1nk3r^99##
  • Role: Primary container host, Gitea server
  • Services:
    • Gitea (Port 3000, SSH 2222)
    • Docker containers
  • Notes: Used for code repository management and version control

Dataforth Infrastructure

AD2 (Production Server - 192.168.0.6)

  • Host: 192.168.0.6
  • Domain: INTRANET
  • User: INTRANET\sysadmin
  • Password: Paper123!@#
  • OS: Windows Server 2022
  • Local Path: C:\Shares\test
  • Share Access: \192.168.0.6\C$ (admin share, requires credentials)
  • Role: Production server for Dataforth DOS machines
  • Services:
    • Active Directory Domain Controller
    • File Server (SMB3)
    • Scheduled sync task (Sync-FromNAS.ps1 every 15 min)
    • WinRM (PowerShell Remoting) on port 5985
    • OpenSSH Server on port 22
  • Network: 192.168.0.0/24
  • Automation Access:
    • Service Account: INTRANET\ClaudeTools-ReadOnly
    • Service Password: vG!UCAD>=#gIk}1A3=:{+DV3
    • Service UPN: ClaudeTools-ReadOnly@dataforth.local
    • Permissions: Read-only AD access, Remote Management Users group
    • Scripts Location: C:\ClaudeTools\Scripts\
    • Logs Location: C:\ClaudeTools\Logs\Transcripts\
  • SSH Key (sysadmin account):
    • Key Type: ED25519
    • Fingerprint: SHA256:JsiEDAJ/fD19d6W7B5iuV78f8dLKZbLTrMor7b9CXSQ
    • Public Key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHpk0bdronDasfx5RYjky4N4xIeUJF5xIJdX08rb3+Ui sysadmin@AD2-automation
    • Private Key Location: C:\Users\sysadmin.ssh\id_ed25519
  • WinRM Configuration:
    • TrustedHosts: 172.16.,192.168.,10.* (LAN/VPN access)
    • Listener: HTTP on port 5985
    • Transcript Logging: Enabled (all remote sessions logged)
    • Module Logging: Enabled
    • Script Block Logging: Enabled
  • Connection Method (SMB Share): 
    $pass = ConvertTo-SecureString 'Paper123!@#' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential('INTRANET\sysadmin', $pass)
New-PSDrive -Name Z -PSProvider FileSystem -Root '\\192.168.0.6\C$' -Credential $cred
# Access: Z:\Shares\test\
  • Connection Method (WinRM - Admin): 
    $password = ConvertTo-SecureString 'Paper123!@#' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential('INTRANET\sysadmin', $password)
Enter-PSSession -ComputerName 192.168.0.6 -Credential $cred
  • Connection Method (WinRM - Read-Only): 
    $password = ConvertTo-SecureString 'vG!UCAD>=#gIk}1A3=:{+DV3' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential('INTRANET\ClaudeTools-ReadOnly', $password)
Enter-PSSession -ComputerName 192.168.0.6 -Credential $cred
  • Connection Method (SSH): 
    ssh INTRANET\\sysadmin@192.168.0.6
# Password: Paper123!@#
# Or with key: ssh -i path/to/id_ed25519 INTRANET\\sysadmin@192.168.0.6
  • Software Update Locations:
    • Common (all machines): C:\Shares\test\COMMON\ProdSW\ and C:\Shares\test_COMMON\ProdSW\
    • Station-specific: C:\Shares\test\TS-XX\ProdSW\
    • System files: C:\Shares\test\COMMON\DOS\
  • Notes:
    • SMB1 disabled for security (after crypto attack)
    • Sync mechanism moved from NAS to AD2 due to WINS crashes
    • Files sync to NAS within 15 minutes after placement
    • DOS machines pull from NAS (not directly from AD2)

D2TESTNAS (SMB1 Proxy - 192.168.0.9)

  • Host: 192.168.0.9
  • HTTP: http://192.168.0.9/
  • User (Web): admin
  • Password (Web): Paper123!@#-nas
  • SSH User: root
  • SSH Auth: ed25519 key (passwordless)
  • Role: SMB1 proxy/bridge for DOS 6.22 machines
  • OS: Linux (NAS appliance)
  • Share: \D2TESTNAS\test (maps to /data/test)
  • Services:
    • SMB1 server (for DOS machine compatibility)
    • SSH server (Port 22)
  • Notes:
    • Bridges DOS machines (SMB1) with AD2 (SMB3)
    • Previous sync location (moved to AD2)
    • Network path: /data/test/

Dataforth DOS Machines (TS-XX)

  • Network: 192.168.0.0/24
  • OS: MS-DOS 6.22
  • Count: ~30 machines for QC testing
  • Naming: TS-01 through TS-30
  • Network Share: T: drive (maps to \D2TESTNAS\test)
  • Machine Variable: %MACHINE% (set in AUTOEXEC.BAT)
  • Backup Location: T:%MACHINE%\BACKUP\
  • Update Path: T:\COMMON\
  • Credentials: None (local DOS machines)
  • Notes:
    • SMB1 protocol required
    • DOS 6.22 limitations: no %COMPUTERNAME%, no IF /I
    • Network stack: MS Client 3.0, Netware VLM client
    • Update workflow: AD2 → D2TESTNAS → DOS machines
    • Startup sequence: AUTOEXEC.BAT → STARTNET.BAT → MENUX.EXE
    • MENUX menu provides test module selection interface

AD2-NAS Sync System

  • Script: C:\Shares\test\scripts\Sync-FromNAS.ps1
  • Runs: Every 15 minutes (Windows Scheduled Task)
  • User: INTRANET\sysadmin
  • Direction: Bidirectional
  • Tools: PuTTY (plink.exe, pscp.exe)
  • Log: C:\Shares\test\scripts\sync-from-nas.log
  • Status: C:\Shares\test_SYNC_STATUS.txt (monitored by DattoRMM)
  • Last Verified: 2026-01-19 12:09 PM (running successfully)
  • PULL (NAS → AD2):
    • Test results: /data/test/TS-XX/LOGS/*.DAT → C:\Shares\test\TS-XX\LOGS\
    • Reports: /data/test/TS-XX/Reports/*.TXT → C:\Shares\test\TS-XX\Reports\
    • Files deleted from NAS after successful sync
    • DAT files imported to database automatically
  • PUSH (AD2 → NAS):
    • Common updates: C:\Shares\test\COMMON\ProdSW\ → /data/test/COMMON/ProdSW/
    • Station updates: C:\Shares\test\TS-XX\ProdSW\ → /data/test/TS-XX/ProdSW/
    • Root utility: C:\Shares\test\UPDATE.BAT → /data/test/UPDATE.BAT
    • One-shot tasks: C:\Shares\test\TS-XX\TODO.BAT → /data/test/TS-XX/TODO.BAT
  • Notes:
    • Moved from NAS to AD2 in January 2026
    • Reason: WINS crashes and SSH lockups on NAS
    • NAS script (/root/sync-to-ad2.sh) is DEPRECATED

Services - Web Applications

Gitea (Git Server)

  • URL: https://git.azcomputerguru.com/
  • Web Port: 3000
  • SSH: ssh://git@172.16.3.20:2222
  • Username: azcomputerguru
  • Email: mike@azcomputerguru.com
  • Password: Gptf*77ttb123!@#-git
  • SSH Key: claude-code (ed25519) - CONFIGURED AND WORKING
  • SSH Fingerprint: SHA256:E+dhx8dYK+pWyqFUcAVAeJtaQEI3cOiIs7eac1w3Dnk
  • API Token: (Generate via web UI as needed)
  • Repository: azcomputerguru/ClaudeTools
  • Role: Source code version control, project sync
  • Docker Container: gitea (on Jupiter server)
  • Notes:
    • Web login: azcomputerguru / Gptf*77ttb123!@#-git
    • SSH access: ssh -T -p 2222 git@172.16.3.20 (verified working 2026-01-19)
    • Git remote: ssh://git@172.16.3.20:2222/azcomputerguru/ClaudeTools.git
    • Password reset: docker exec -u git gitea gitea admin user change-password --username azcomputerguru --password 'NEW_PASSWORD'
    • SSH key added: 2026-01-19 15:09 (claude-code)

ClaudeTools API (Production)

Projects - ClaudeTools

Database (MariaDB)

  • Host: 172.16.3.30
  • Port: 3306
  • Database: claudetools
  • User: claudetools
  • Password: CT_e8fcd5a3952030a79ed6debae6c954ed
  • Connection String: 
    mysql+pymysql://claudetools:CT_e8fcd5a3952030a79ed6debae6c954ed@172.16.3.30:3306/claudetools?charset=utf8mb4
  • Tables: 38 tables (fully migrated)
  • Encryption: AES-256-GCM for credentials table
  • Backup: Daily automated backups

API Authentication

  • Method: JWT tokens
  • Password Hashing: Argon2
  • Token Endpoint: POST /api/auth/token
  • Token Format: Bearer token in Authorization header
  • Example: 
    curl -X POST http://172.16.3.30:8001/api/auth/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "username=test@example.com&password=testpassword123"

Encryption Keys

  • Method: AES-256-GCM (Fernet)
  • Key Storage: Environment variable ENCRYPTION_KEY
  • Usage: Credentials table password encryption
  • Notes: Never commit encryption key to git

Projects - Dataforth DOS

Update Workflow

  • Admin Deposits: \AD2\test\COMMON\ (on AD2)
  • Sync Mechanism: AD2 scheduled task (location TBD)
  • DOS Pull: T:\COMMON\ (from D2TESTNAS)
  • Backup Target: T:%MACHINE%\BACKUP\

Key Files

  • UPDATE.BAT: Machine backup utility (runs on DOS)
  • NWTOC.BAT: Network to Computer updates
  • CTONW.BAT: Computer to Network uploads
  • STAGE.BAT: System file staging for reboot
  • REBOOT.BAT: Auto-generated, applies staged updates
  • AUTOEXEC.BAT: DOS startup, sets %MACHINE% variable
  • CONFIG.SYS: DOS system configuration
  • STARTNET.BAT: Network stack initialization

Folder Structure

\\AD2\test\
├── COMMON\              # Shared updates for all machines
│   ├── DOS\            # System files (AUTOEXEC.NEW, CONFIG.NEW)
│   ├── ProdSW\         # Production software updates
│   └── NewSW\          # New software distributions
└── TS-XX\              # Individual machine folders
    └── Backup\         # Machine-specific backups

Connection Testing

Test Database Connection

mysql -h 172.16.3.30 -u claudetools -p claudetools
# Password: CT_e8fcd5a3952030a79ed6debae6c954ed

Test API Connectivity

curl http://172.16.3.30:8001/api/health

Test Gitea SSH

ssh -p 2222 git@172.16.3.20
# Should return: "Hi there! You've successfully authenticated..."

Test AD2 Access (from Dataforth network)

net use T: \\192.168.0.6\test /user:INTRANET\sysadmin Paper123!@#

Test NAS Access (from Dataforth network)

net use T: \\192.168.0.9\test

Security Notes

  • Never commit this file to public repositories
  • Credentials are stored unredacted for context recovery
  • ClaudeTools encrypts credentials in database with AES-256-GCM
  • JWT tokens expire after configured duration
  • SSH keys required for Gitea access (ed25519)
  • Dataforth network is isolated (192.168.0.0/24)
  • AD2 has SMB1 disabled for security (post crypto-attack)
  • All production credentials should be rotated regularly

VPN Access

Peaceful Spirit VPN (L2TP/IPSec)

  • Server IP: 98.190.129.150
  • Tunnel Type: L2TP/IPSec
  • Pre-Shared Key (PSK): z5zkNBds2V9eIkdey09Zm6Khil3DAZs8
  • Username: pst-admin
  • Password: 24Hearts$
  • Connection Name: Peaceful Spirit VPN
  • Purpose: Remote access to Peaceful Spirit Country Club network
  • Authentication: MS-CHAPv2 with PSK
  • Split Tunneling: Enabled (only CC traffic uses VPN)
  • Setup Script: D:\ClaudeTools\Create-PeacefulSpiritVPN.ps1
  • Quick Setup: D:\ClaudeTools\VPN_QUICK_SETUP.md

Network Configuration (UniFi Router at CC):

  • Remote Network: 192.168.0.0/24
  • DNS Server: 192.168.0.2
  • Gateway: 192.168.0.10

Complete Setup (Run as Administrator):

# Step 1: Create VPN connection with split tunneling
Add-VpnConnection -Name "Peaceful Spirit VPN" -ServerAddress "98.190.129.150" -TunnelType L2tp -L2tpPsk "z5zkNBds2V9eIkdey09Zm6Khil3DAZs8" -AuthenticationMethod MsChapv2 -EncryptionLevel Required -AllUserConnection -RememberCredential -SplitTunneling $true

# Step 2: Add route for CC network (192.168.0.0/24)
Add-VpnConnectionRoute -ConnectionName "Peaceful Spirit VPN" -DestinationPrefix "192.168.0.0/24" -AllUserConnection

# Step 3: Configure DNS server
Set-DnsClientServerAddress -InterfaceAlias "Peaceful Spirit VPN" -ServerAddresses "192.168.0.2"

# Step 4: Save credentials for pre-login access
rasdial "Peaceful Spirit VPN" "pst-admin" "24Hearts$"
rasdial "Peaceful Spirit VPN" /disconnect

# Step 5: Enable pre-login VPN
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name "UseRasCredentials" -Value 1 -Type DWord

Quick Connect:

rasdial "Peaceful Spirit VPN"

Disconnect:

rasdial "Peaceful Spirit VPN" /disconnect

Context Recovery Usage

When a new Claude session starts or context is lost:

  1. Read this file first - Get all credentials and infrastructure details
  2. Check session-logs/ - Find recent work and decisions
  3. Read SESSION_STATE.md - Get project status and phase
  4. Read .claude/claude.md - Get project overview

This ensures full context recovery without asking user for information already documented.

Reference in New Issue View Git Blame Copy Permalink