[urgent] 2FA error

wcors

I'm unable to log in using the 2fa; however, it worked earlier. How do i reset it or disable the 2FA. i have latest version updated, Enhance. Control Panel.

mendozal

There's no standard way to do this. I believe this issue requires a ticket. But if you want to try and solve it yourself, you can take a look at this:

https://community.enhance.com/d/2105-2fa-backup-codes

There are some queries to disable otp for specific users. That should work for v11 but not for v12, since enhance doesn't use docker anymore.

For v12, you can query the orchd database this way:

As root:

su - orchd
psql
select * from login;

Locate your account's email address and then you can do what's explained in the other thread:

update logins set auth_method = 'basic' where email ='yoursuperadmin@email.com';

Disclaimer: I haven't used this myself, I'm not sure if this works. Please take every precaution and make sure your backups are up to date before trying it.

wcors

mendozal, isn't there a backup code? It should have. I do not know what's gone wrong, but it should work. I have added a few fields in the Branding and it starts to show error.

wcors

mendozal it shows 1 UPDATED but doesn't reflect changes. I have reverted the snapshot, as a backup, restored. I have not yet got a reply from @Adam.

mendozal

wcors Have you checked your computer's and server's date/time? Or if it has the correct timezone applied? 2FA is dependand on this to generate correct codes.

wcors

mendozal I haven't touched the time or the date yet. overall. It should work fine. I have also created the ticket. @Adam, if he can help as soon as possible. The default time of the server is UTC.

GoSuccess

You can disable 2FA like this:

ecp disable2-fa email@address.tld

wcors

GoSuccess thank you it works

xyzulu

If anyone comes across this thread in the future.. Enhance have a few cli tools you can use for things like this.

ecp --help will show them to you.. so far there are:

init join create-default-control-panel sso get-join-command users change-password disable2-fa info regenerate-control-panel-proxies update-http-disabled-status help Print this message or the help of the given subcommand(s)

You can also get help with subcommands.. ie ecp disable2-fa --help