Reset Synology 2-factor authentication
This is going to be a very quick post on how to get access back to your Synology when the MFA stops working. In my case, it has a very valid reason not to work… as I broke my phone. I don’t know why the emergency code never reached my mailbox. According to Synology, the only way to solve this is by resetting my Synology. I don’t really feel like doing so. So here is another solution, which only works if you have SSH access to your Synology.
SSH into your Synology:
login as: not-admin not-admin@172.16.16.42's password: Synology strongly advises you not to run commands as the root user, who has the highest privileges on the system. Doing so may cause major damages to the system. Please note that if you choose to proceed, all consequences are at your own risk.
Switch to the root user:
not-admin@DS420j:~$ sudo su - Password:
Get the groups the default admin user is a part of:
root@DS420j:~# synouser --get admin User Name : [admin] User Type : [AUTH_LOCAL] User uid : [1024] Primary gid : [100] Fullname : [System default user] User Dir : [/var/services/homes/admin] User Shell : [/bin/sh] Expired : [true] User Mail : [] Alloc Size : [125] Member Of : [2] (100) users (101) administrators
Now do the same for your personal admin account:
root@DS420j:~# synouser --get not-admin User Name : [not-admin] User Type : [AUTH_LOCAL] User uid : [1026] Primary gid : [100] Fullname : [] User Dir : [/var/services/homes/not-admin] User Shell : [/bin/sh] Expired : [false] User Mail : [info@kablog.nl] Alloc Size : [136] Member Of : [2] (100) users (101) administrators
Okay that’s enough information, lets create a new admin user:
root@DS420j:~# synouser --add b-admin VMware123! "Backup Admin" 0 info@kablog.nl 2
Add the newly created admin user to the administrators group:
root@DS420j:~# synogroup --memberadd administrators b-admin Group Name: [administrators] Group Type: [AUTH_LOCAL] Group ID: [101] Group Members: 0:[admin] 1:[not-admin] 2:[b-admin]
You should be able to login to your Synology again with administrator privileges. Now you can reset the MFA for the normal-admin account.