2FA: Remove using SSH to move Google folder is not working, 2FA still enforced

Currently reading
2FA: Remove using SSH to move Google folder is not working, 2FA still enforced

239
112
NAS
DS218+ 8GB RAM, DS212
Operating system
  1. Windows
Mobile operating system
  1. Android
  2. iOS
Last edited:
I've had 2FA go south on one of my NAS (Ds218+).

It's persistently not accepting my authntication code from the Google Authenticator app. Tried it dozens of times - not a fat-finger issue.

DId the SSH trick (below) w/my admin account (not default admin, that's disabled) - but when I try to log in again to my account I still get asked for 2FA. Even rebooted the NAS and same result, keeps asking for 2FA even though the Google 2FA folder has been moved.
Code:
cd /usr/syno/etc/preference/<yourAccountName>/
mv google_authenticator foogle_authenticator
1664413372959.png


I'm going to try the 4 second reset next, and hopefully that will work. But reall wondering why moving/renaming the Google folder via SSH didn't work.

Also - in Googling appears NTP may be at fault (but both my phone and the NAS are reporting the same time as as far as I can tell) and one user restarted NTP from SSH. I can't figure out how to restart NTP from the CL. Any tips on that?

Thanks.
 
Last edited:
Alternately you can re-enable the admin acct via SSH, !og in on that, and then fully disable 2FA on any other account.
Thanks - I should have noted that I tried doing that, and the re-enabled Admin account also asked for 2FA.

2022-09-29 07_55_56-Chrome Main.jpg


This is how I set a password = 1, and re-enabled the account:

Code:
sudo synouser --setpw admin 1
sudo synouser --modify admin admin 0 [email protected]

Should I have done something different?
 
Upvote 0
Definitely looked like a time sync issue:

NAS: 08:16:31

Phone: 8:20 AM

I updated the time manually in SSH, and then while my usual admin account (not Admin) would not let me log in I was finally able to log in w/the Admin account I had re-enabled.

Just so strange...going to remove 2FA and re-add it, and also check my NTP server setup. Things have worked w/out issue for ages so no idea how this happened. This is a DS218+.
 
Upvote 0
Last edited:
Should I have done something different?
Those commands are correct. I presumed earlier that you had used an "administrator" account. It seems you once assigned 2FA to your system admin account.

Short of reset, the only thing would suggest is entering the 2FA codes with a delay ... as this is possibly an NTP issue, and Synology may be running a few minutes late. Just re-enter the same code every 45 seconds until you've wasted ten minutes.

Alternatively, if you can refresh/reset ntp server via SSH... but, I've not tried that.
 
Upvote 0
Those commands are correct. I presumed earlier that you had used an "administrator" account. It seems you once assigned 2FA to your system admin account.

Short of reset, the only thing would suggest is entering the 2FA codes with a delay ... as this is possibly an NTP issue, and Synology may be running a few minutes late. Just re-enter the same code every 45 seconds until you've wasted ten minutes.

Alternatively, if you can refresh/reset ntp server via SSH... but, I've not tried that.
Thanks for your help, appreciate it. Definitely helped to reset the time manually in SSH session, then the Admin account login w/authentication actually worked. So I got it, removed all 2FA, am doing an update of the DSM, and then after it boots up and things work w/out 2FA I'll add it back in on my normal (non-Admin) admin account, and re-suspend the default admin account. Whew... :D Pretty close to decaring victory.

One odd thing is that I was getting an odd error in DSM when using time.nist.gov (which was what it had been set to from initial deployment. Network is fine, the NAS is on it and I'm accessing it via the network and all external/internet connections are working on all devices. I changed to the pool.org and google ntp servers and they worked fine. I'm leaving it on Google for now, so it should be consistent w/our phones when we use Google authentication.
2022-09-29 09_40_46-Chrome Main.jpg
 
Upvote 0

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

For others stumbling across this thread, an alternative to Tip 11, is to (via SSH) reenable the default...
Replies
3
Views
5,190
I have to confess I was doing exactly that :mad: thanks for the tip.
Replies
7
Views
1,617
Thank you for the useful suggestions, I am going to investigate this more. Much appreciated.
Replies
6
Views
1,970
I have seen your post on Mastodon and responded, but I see no issues with using 3rd party 2fa platforms...
Replies
6
Views
5,757
Same here, I look at it and check it out every once in a while. But my issues with it are a conveince...
Replies
6
Views
5,830
Yes, it is through the QC relay service (we don't have ddns set up and no permanent ip address). Yes, we...
Replies
12
Views
4,092
  • Question
You are right - using :443 worked, and with 2FA, which was my initial issue. Thanks! This doesn't work...
Replies
9
Views
2,920

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top