Sorting bits into bytes...

Reset Synology 2-factor authentication

This is going to be a very quick post on how to get access back to your Synology when the MFA stops working. In my case, it has a very valid reason not to work… as I broke my phone. I don’t know why the emergency code never reached my mailbox. According to Synology, the only way to solve this is by resetting my Synology. I don’t really feel like doing so. So here is another solution, which only works if you have SSH access to your Synology.

 

SSH into your Synology:

login as: not-admin

not-admin@172.16.16.42's password:




Synology strongly advises you not to run commands as the root user, who has

the highest privileges on the system. Doing so may cause major damages

to the system. Please note that if you choose to proceed, all consequences are

at your own risk.

 

Switch to the root user:

not-admin@DS420j:~$ sudo su -

Password:

 

Get the groups the default admin user is a part of:

root@DS420j:~# synouser --get admin

User Name   : [admin]
User Type   : [AUTH_LOCAL]
User uid    : [1024]
Primary gid : [100]
Fullname    : [System default user]
User Dir    : [/var/services/homes/admin]
User Shell  : [/bin/sh]
Expired     : [true]
User Mail   : []
Alloc Size  : [125]
Member Of   : [2]
(100) users
(101) administrators

 

Now do the same for your personal admin account:

root@DS420j:~# synouser --get not-admin
User Name   : [not-admin]
User Type   : [AUTH_LOCAL]
User uid    : [1026]
Primary gid : [100]
Fullname    : []
User Dir    : [/var/services/homes/not-admin]
User Shell  : [/bin/sh]
Expired     : [false]
User Mail   : [info@kablog.nl]
Alloc Size  : [136]
Member Of   : [2]
(100) users
(101) administrators

 

Okay that’s enough information, lets create a new admin user:

root@DS420j:~# synouser --add b-admin VMware123! "Backup Admin" 0 info@kablog.nl 2

 

Add the newly created admin user to the administrators group:

root@DS420j:~# synogroup --memberadd administrators b-admin
Group Name: [administrators]
Group Type: [AUTH_LOCAL]
Group ID:   [101]
Group Members:
0:[admin]
1:[not-admin]
2:[b-admin]

 

You should be able to login to your Synology again with administrator privileges. Now you can reset the MFA for the normal-admin account.

Leave a Reply