OK … it seems that with “7.0.1-42218 Update 2” a bug comes in where the device_id parameter is not provided anymore during login API calls, but this device_id is used to re-auth a new 2FA session from home-assistant (after integration reload or HA restart).
I have filed a support ticket with Synology, but cannot promise that they will fix this … further, I cannot really do any additional debugging or other checks which could be requested by Synology within this support ticket, since my NAS is still on the unaffected version.
Same issue. I can log on to the NAS just fine via browser using 2FA, but it fails whilst setting up the integration.
As I am forcing 2FA for all users, disabling it is not an option, as logging in will fail due to the system going into the “set up 2FA” cycle.
You can change that to force 2FA so that you DON’T force it for ALL users, but only selected ones. Then you select all users BUT the one for HA. That’s what I did, and it works.
True, but you can disable all access for everything (all folders, all apps…), like it’s described above, and it still works for HA. So it’s not much of a vulnerability…
Unfortunately, there is no (visible) progress in the Synology support ticket yet (see #64867 (comment)).
But feel free to open a support ticket on your own with Synology and reference #3011170 - feel free to use the following as a template/blueprint:
[Symptom]
When logging in with OTP and enabling the option to omit 2-factor verification via SYNO.API.Auth (example 3 on page 15), the response does not have the parameter “did” anymore, so a later login with omitted OTP (example 4 on page 15) is not possible anymore.
This issue was first observed with 7.0.1-42218 Update 2; in the prior version 7.0.1-42218 it works as expected.
How do you fix it after a firmware update on the Synology? HA won’t reconnect. Just throws an error about the OTP. It would be horribly dumb to have to remove it and add it back in from HA.
EDIT: Restart HA to fix the connection issue.