SynologyOpenSource / synology-csi

Apache License 2.0

DSM 7.2 the 2FA is now mandatory which looks like it is yet not supported by this version #62

Open tzago opened 10 months ago

tzago commented 10 months ago

Looks like 2FA is now mandatory and my CSI user with admin group rights fails to connect to DSM because it passes only the first phase of the 2FA authentication, as seen in the logs...

Trying to make my Synology CSI iSCSI work but not getting it through.

I0906 20:28:00.271711 1 event.go:282] Event(v1.ObjectReference{Kind:"PersistentVolumeClaim", Namespace:"default", Name:"busybox-pvc-tshoot-iscsi-03", UID:"6aa6fcf4-50b0-43ab-bd6c-xxxxxxxx", APIVersion:"v1", ResourceVersion:"637548", FieldPath:""}): type: 'Warning' reason: 'ProvisioningFailed' failed to provision volume with StorageClass "synostorage": rpc error: code = Internal desc = Couldn't find any host available to create Volume
I0906 20:28:00.272002 1 event.go:282] Event(v1.ObjectReference{Kind:"PersistentVolumeClaim", Namespace:"default", Name:"busybox-pvc-tshoot-iscsi-01", UID:"8a9e2772-49f5-402a-a7ad-b32034xxxxxxx", APIVersion:"v1", ResourceVersion:"637588", FieldPath:""}): type: 'Warning' reason: 'ProvisioningFailed' failed to provision volume with StorageClass "synology-iscsi-storage": rpc error: code = Internal desc = Couldn't find any host available to create Volume

Below is the Synology log showing my worker node trying to connect to the DSM. Only the first auth passed via password.

09/06/2023 13:59:27 Info synology02 synology-k3s-csi Connection User [synology-k3s-csi] from [192.168.0.39] has successfully passed the first authentication of 2FA via [password]
09/06/2023 13:59:26 Info synology02 synology-k3s-csi Connection User [synology-k3s-csi] from [192.168.0.39] has successfully passed the first authentication of 2FA via [password]
09/06/2023 13:59:26 Info synology02 synology-k3s-csi Connection User [synology-k3s-csi] from [192.168.0.39] has successfully passed the first authentication of 2FA via [password]
09/06/2023 13:59:25 Info synology02 synology-k3s-csi Connection User [synology-k3s-csi] from [192.168.0.39] has successfully passed the first authentication of 2FA via [password]
09/06/2023 13:58:40 Info synology02 SYSTEM System System successfully stopped [SSH service].
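Added example (not part of the issue or of the synology-csi project): a small parser for the DSM connection-log entry format quoted in the post above, flagging any user/IP pair that passes the password factor repeatedly within a short window. The function names, threshold and window are assumptions chosen for illustration, and the pattern is derived only from the log lines shown in the post.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Pattern for the first-factor entry exactly as it appears in the quoted DSM log.
FIRST_FACTOR = re.compile(
    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s+Info\s+\S+\s+\S+\s+Connection\s+"
    r"User \[(?P<user>[^\]]+)\] from \[(?P<ip>[^\]]+)\] has successfully passed "
    r"the first authentication of 2FA via \[(?P<method>[^\]]+)\]"
)

# The log entries quoted in the issue, one per line.
SAMPLE_LOG = """\
09/06/2023 13:59:27 Info synology02 synology-k3s-csi Connection User [synology-k3s-csi] from [192.168.0.39] has successfully passed the first authentication of 2FA via [password]
09/06/2023 13:59:26 Info synology02 synology-k3s-csi Connection User [synology-k3s-csi] from [192.168.0.39] has successfully passed the first authentication of 2FA via [password]
09/06/2023 13:59:26 Info synology02 synology-k3s-csi Connection User [synology-k3s-csi] from [192.168.0.39] has successfully passed the first authentication of 2FA via [password]
09/06/2023 13:59:25 Info synology02 synology-k3s-csi Connection User [synology-k3s-csi] from [192.168.0.39] has successfully passed the first authentication of 2FA via [password]
09/06/2023 13:58:40 Info synology02 SYSTEM System System successfully stopped [SSH service].
"""

def first_factor_events(log_text):
    """Yield (timestamp, user, ip) for each first-factor entry in the log."""
    for m in FIRST_FACTOR.finditer(log_text):
        yield datetime.strptime(m["ts"], "%m/%d/%Y %H:%M:%S"), m["user"], m["ip"]

def repeated_first_factor(log_text, threshold=3, window=timedelta(seconds=60)):
    """Return {(user, ip): n} where n >= threshold first-factor passes fall in one window."""
    by_client = defaultdict(list)
    for ts, user, ip in first_factor_events(log_text):
        by_client[(user, ip)].append(ts)
    flagged = {}
    for client, stamps in by_client.items():
        stamps.sort()
        best = start = 0
        for end in range(len(stamps)):  # sliding window over sorted timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[client] = best
    return flagged

if __name__ == "__main__":
    print(repeated_first_factor(SAMPLE_LOG))
```

A flagged pair is either an automation account that cannot complete the second factor, as in this issue, or a client that holds a valid password and is being stopped at 2FA, so both cases are worth reviewing.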

laghoule commented 9 months ago

@tzago it's possible to activate 2FA only for some users: [screenshot: 2023-09-19_19-51]

tzago commented 8 months ago

Thanks a lot @laghoule, that worked for me. Hey, maybe what is missing in the docs is a comprehensive explanation of how best to create a user for this Synology CSI. What is not clear from the current documentation is the right settings for the user to be able to create iSCSI LUNs, which clearly requires admin rights. Also, what is needed to mitigate the security risk while creating this user, as the secret will be exposed in plain sight with the Synology user credentials.