Big Problem with 2FA

Nextcloud version (eg, 20.0.5): can’t know
Operating system and version (eg, Ubuntu 20.04): Debian

Hello Everyone,

I come to you guys because I have some trouble with Nextcloud and 2FA.
I wanted to try 2FA but I didn’t like it, so I decided to remove it. To do so I unchecked the option.

Two-step authentication has been enforced but is not configured on your account. Contact your administrator for assistance.

But now, I have this message every time I try to connect, even with the admin account. Does anyone have an idea how to resolve this? :cold_face:

I found a topic about it https://help.nextcloud.com/t/lauthentification-en-deux-etapes-a-ete-imposee-mais-nest-pas-configuree-sur-votre-compte/140652/3

I tried this command

root@:/var/www/nextcloud#  sudo -u nextcloud php /var/www/nextcloud/occ twofactorauth:disable
An unhandled exception has been thrown:
OC\HintException: [0]: Memcache \OC\Memcache\APCu not available for local cache (Is the matching PHP module installed and enabled?)

The error is meant literally. There’s a checkbox to mandate 2FA which it says is enabled, but you have removed it from the admin account. Since it’s required, the account can’t be used without it.

Disabling the 2FA app will probably not change the aforementioned setting either. I think the setting you need is this:

occ config:system:set twofactor_enforced --value="false"

I would encourage you to use 2FA as this is one of the main features that help to keep accounts from getting hacked. We’re quickly heading to a place where no system will be secure without it.

The APCu error is a separate issue interfering with use of occ. I don’t remember the solution off the top of my head, but you can find it here in a forum search.

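Since the fix suggested above edits config.php through occ, it is worth taking a copy of that file first and checking it again afterwards. The following is an added example, not part of the original thread or of Nextcloud itself; the function names and the sample config.php are constructed, and the sed match is only an approximation of the PHP array.

```shell
#!/usr/bin/env bash
# Added example: snapshot config.php before an occ change, verify it after.
# Function names and the sample file are constructed for illustration.

# Copy config.php to a timestamped backup beside it and print the backup path.
backup_config() {
    local cfg="$1" bak
    bak="${cfg}.bak.$(date +%Y%m%d%H%M%S)"
    cp -p -- "$cfg" "$bak" && printf '%s\n' "$bak"
}

# Print the raw value of a one-line scalar entry ('key' => value,).
# This is a sed approximation of the PHP array, enough for a sanity check.
config_value() {
    sed -n "s/^[[:space:]]*'$2'[[:space:]]*=>[[:space:]]*\(.*\),[[:space:]]*\$/\1/p" "$1" | head -n 1
}

# Succeed only if the file still says 'installed' => true. Without that entry
# Nextcloud treats the instance as not installed and starts the setup flow.
config_is_installed() {
    [ "$(config_value "$1" installed)" = "true" ]
}

# Print "true" or "false" for twofactor_enforced; a missing key means false.
twofactor_enforced() {
    local v
    v="$(config_value "$1" twofactor_enforced | tr -d "'\"")"
    [ "$v" = "true" ] && echo true || echo false
}

# Constructed sample config.php so the example runs offline.
sample_config() {
    cat > "$1" <<'EOF'
<?php
$CONFIG = array (
  'installed' => true,
  'twofactor_enforced' => 'true',
);
EOF
}

demo_dir="$(mktemp -d)"
sample_config "$demo_dir/config.php"
echo "backup: $(backup_config "$demo_dir/config.php")"
echo "installed entry present: $(config_is_installed "$demo_dir/config.php" && echo yes || echo no)"
echo "twofactor_enforced: $(twofactor_enforced "$demo_dir/config.php")"
rm -rf "$demo_dir"
```

On a real instance, point the functions at your own config.php (assumed here to be config/config.php under the Nextcloud directory), run backup_config before the occ command, and restore the backup if config_is_installed fails afterwards.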

I second @KarlF12’s comment on using 2FA at least for your PRIVILEGED accounts. Personally, I have 2FA for ALL accounts, but I use convenient ways, like a FIDO2 token and my mobile with the NC app. Easy to use, and much more secure than without.

If you have access to your SQL server and are familiar with SQL, you may also delete all related entries directly. I used the following commands to remove that warning since I could no longer use twofactor_admin (now fixed for NC25 but not released yet). Make sure to check your setup first, and have a DB dump, just in case.

use YOUR_NC_DB;
delete from oc_twofactor_admincodes;
delete from oc_twofactor_providers where provider_id like 'admin';

Hello,
Thanks for your answers!
I wanted to try 2FA but my explanation was wrong. It’s not that I didn’t like it, it’s just that I wanted to deactivate it because I wanted to do the config later :confused:
I did the command you gave me

occ config:system:set twofactor_enforced --value="false"

But now, once I want to log in, I have this error:

Looks like you’re trying to reinstall your Nextcloud. However, the CAN_INSTALL file is missing from your configuration directory. Please create the CAN_INSTALL file in your configuration folder to continue

I’m on Yunohost, it may be related :frowning: