Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DSM 7.2 the 2FA is now mandatory which looks like it is yet not supported by this version #62

Open
tzago opened this issue Sep 6, 2023 · 2 comments
Open

DSM 7.2 the 2FA is now mandatory which looks like it is yet not supported by this version #62

tzago opened this issue Sep 6, 2023 · 2 comments

Comments

@tzago
Copy link

tzago commented Sep 6, 2023

Looks like 2FA is now mandatory and my csi user with admin group right fails to connect to DSM cause it passes only the first phase of the 2FA authentication as seen in the logs....

Trying to make my Synology CSI ISCSI work but not getting it through.

I0906 20:28:00.271711 1 event.go:282] Event(v1.ObjectReference{Kind:"PersistentVolumeClaim", Namespace:"default", Name:"busybox-pvc-tshoot-iscsi-03", UID:"6aa6fcf4-50b0-43ab-bd6c-xxxxxxxx", APIVersion:"v1", ResourceVersion:"637548", FieldPath:""}): type: 'Warning' reason: 'ProvisioningFailed' failed to provision volume with StorageClass "synostorage": rpc error: code = Internal desc = Couldn't find any host available to create Volume
I0906 20:28:00.272002 1 event.go:282] Event(v1.ObjectReference{Kind:"PersistentVolumeClaim", Namespace:"default", Name:"busybox-pvc-tshoot-iscsi-01", UID:"8a9e2772-49f5-402a-a7ad-b32034xxxxxxx", APIVersion:"v1", ResourceVersion:"637588", FieldPath:""}): type: 'Warning' reason: 'ProvisioningFailed' failed to provision volume with StorageClass "synology-iscsi-storage": rpc error: code = Internal desc = Couldn't find any host available to create Volume

#below the synology log showing my worker node trying to connect to the DSM. Only first auth passed via password.
09/06/2023 13:59:27 Info synology02 synology-k3s-csi Connection User [synology-k3s-csi] from [192.168.0.39] has successfully passed the first authentication of 2FA via [password] 09/06/2023 13:59:26 Info synology02 synology-k3s-csi Connection User [synology-k3s-csi] from [192.168.0.39] has successfully passed the first authentication of 2FA via [password] 09/06/2023 13:59:26 Info synology02 synology-k3s-csi Connection User [synology-k3s-csi] from [192.168.0.39] has successfully passed the first authentication of 2FA via [password] 09/06/2023 13:59:25 Info synology02 synology-k3s-csi Connection User [synology-k3s-csi] from [192.168.0.39] has successfully passed the first authentication of 2FA via [password] 09/06/2023 13:58:40 Info synology02 SYSTEM System System successfully stopped [SSH service].
@laghoule
Copy link

laghoule commented Sep 19, 2023
edited
Loading

@tzago it's possible to activate 2FA only for some users:
2023-09-19_19-51

@tzago
Copy link
Author

tzago commented Oct 14, 2023

Thanks a log @laghoule that worked for me.
Hey maybe what is missing in the docs is a comprehensive explanation on how to best create a user for this synology csi.
What is not clear from current documentation is the right settings for the user to be able to creat iscsi luns which clearly requires admin rights.
Also what is needed to mitigate security risk while creating this user as the secret will be exposed in plain sight with the user synology user credentials.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@laghoule @tzago