Jump to content
XPEnology Community
  • 0

How Do I Disable 2FA? Locked Out of DSM7



I upgraded one of my DS3622xs+ VMs today and for some reason 2FA is failing on it. Prior to update it was on 7.1.0-42661-4 and is now on 7.1.1-42962. Part of the update was also to move from TCRP 0.8 to TCRP 0.9 with Friend.


- I can't login to the web interface with admin or user account as both are 2FA enabled and I get the error "Unable to sign in due to configuration errors. Contact your administrator to reset 2FA or reset NAS."


- I've 2FA-enabled the admin account, so can't follow any of the guides online to login as admin and disable it on my user account


- I can login via SSH and serial console as admin and my user account, and have created a temp account with no 2FA that can sign in via the web UI


- I've tried adding this account to the administrators group so I can disable 2FA on the other accounts, but this fails (tried running as admin with sudo and root):

root@diskstation:~# synogroup --add administrators temp
Lastest SynoErr=[group_set.c:507]
SYNOLocalAccountGroupSet failed, synoerr=0x1700


- I read in other guides online that deleting the google_authenticator file in cd /usr/syno/etc/preference/<user> will reset it, but that file is not there on my machine (maybe that's the problem?)

  • Like 1
Link to comment
Share on other sites

7 answers to this question

Recommended Posts

  • 1

Okay, I figured this out, should have read the documentation!


I was using the wrong verb on the Synology group command, should have been 'addmember', not 'add'.


I've now added the temp account to the administrators group and disabled 2FA


Having now booted up and logged in, it looks like the reason it was failing may be something to do with two of my four HDDs being missing. Looks like I have satamap problems :(

Edited by WiteWulf
  • Like 1
Link to comment
Share on other sites

  • 1

This is the document to read:


But from the cli, I simply did:

synouser --add temp temppassword "temp account" 0 me@my.com 0


That got me an account called "temp" with password "temppassword" that wasn't expired, email of me@my.com and no app privileges


Then add it to the administrators group with:


synogroup -memberadd administrators temp



Edited by WiteWulf
  • Thanks 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Answer this question...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...