Access denied errors after NAS/server OS update


Hi all,

I'm currently confused by what my Sonos system (or rather, its software) is trying to tell me. I just updated my server's OS a few days ago, when suddenly Sonos wasn't able to access the Samba/NAS share on that device any more, stating access was denied. I removed my music library folder using the Sonos App (on my Windows PC) and tried to re-add it, again resulting in an "Access denied" error. The same occurs when I try to re-add my NAS folder via Android App.

The directory permissions in the (path to the) Samba share folder were not altered, and also the smb.conf file was not modified in any way. Accessing the Samba-enabled folders on my server still works fine from my Windows PC as well.

Does anyone have an idea what else may be the reason for the sudden loss of access to my Samba share folder?

This topic has been closed for further comments. You can use the search bar to find a similar topic, or create a new one by clicking Create Topic at the top of the page.

16 replies

Hello bootrecords, a belated "Welcome to the Community"

Wondering if the O/S update deactivated SMB v1 in favor of SMB v2. Sonos needs SMB v1 on and active. Would you mind having a look?
Well, the OS update included a Samba update to 4.6.4, which is supposed to be a security release to fix the WannaCry exploit. I'm not super familiar with further options for Samba configuration, but as I wrote above, my smb.conf file wasn't changed. And supposedly that is where one would set the "server min protocol" or "client min protocol" flags, which, at least according to https://www.samba.org/samba/docs/man/manpages/smb.conf.5.html still default to SMB v1 (and weren't overridden by my own settings).

Nevertheless, I set the protocol version to SMB v1 manually on my server, restarted the Samba service, and still the previously mentioned "Access Denied" error was all I encountered when trying to add the share as a Music Library to Sonos system. I'm also not quite sure if a protocol mismatch would really cause this kind of error - honestly, I'd assume that this would have already caused the Sonos app not to find the share in the first place (but then again, I'm not an expert on Samba).

Edit: Just for shiz'n'giggles I set the "server min protocol" value to SMB3, and lo, the error message I get is not "Access Denied", but refers me to https://sonos-de.custhelp.com/app/answers/detail/a_id/3390?utm_source=cr-care&utm_medium=serverstack&utm_content=german-cr-care-serverstack
Userlevel 2
Badge +1
Wannacry exploits SMB1, so any patch to protect you is disabling SMB1, which is what Sonos requires. Until Sonos fixes this you either have to leave yourself exposed or remove the ability to access a music library.

I use a NAS to hold my music library and this is very annoying.
Badge
I have run into the same problem.
My music library lives on a Fedora Linux server. Recently I discovered that Sonos had lost access to it.
After much searching, I find that this is probably because the SAMBA in my Linux distro has disabled SMB1 by default to avoid the WannaCry vulnerability. But I cannot figure out how to turn it on in my /etc/samba/smb.conf file.

I tried "server min protocol = NT1". I also tried "server min protocol = LANMAN1". It still does not work.

Most likely, SAMBA does not do SMB1 anymore.
Am I really going to have to buy a separate NAS for my music library?
Userlevel 7
Badge +21
A Sonos only SMBv1 NAS is the safe thing to do, a Raspberry PI is a good option, a WD Live drive is a good short term solution but WD only supports them with security patches for a short time.
Badge
Sonos uses an old version of the SMB protocol, which has been deprecated because it enables the WannaCry vulnerability. SAMBA no longer supports the SMB1 protocol out of the box.

The good resolution would be for Sonos to support the newer SMB2 protocol.

The solution for now is to add the following line to the [global] section of your /etc/samba/smb.conf file:
ntlm auth = yes

I hope you find this faster than I did!
Userlevel 7
Badge +21
Any "solution" that leaves my NAS open to a WannaCry attack isn't a solution I care to use. If you are prepared to recover from that, pay the ransom or just risk your files being locked and lost then SMB v1 on your main NAS is an option.

https://infogalactic.com/info/WannaCry_ransomware_attack
Badge
I seem to be getting what seems like a similar problem since my mac upgraded to High Sierra. Sonos works fine for streaming from, say, Deezer, but cannot find the music library, even though it is on my Mac. (albeit on a separate internal hard disk). I have tried everything I can think of to fix it including removing and re-adding the library checking file sharing permissions etc. Ot used to work fine but i just can't get it to re-add the music library. Very frustrating!
Thanks that explains why I can't play music. I turned off SMBv1 a few weeks ago after seeing the risks associated with it. SONOS needs to address this and use the safer newer versions.
My Play 3 is officially a dust collector until I can either index upnp or mount an smb2 share from my NAS. Please add SMB2 support soon!
Userlevel 7
Badge +21
Adding a second NAS that is run with the insecure SMB v1 enabled is the solution many are taking. Either something like a Raspberry Pi or a Western Digital - WD networked drive is fairly cheap.
So more money for what should be done by Sonos!
Userlevel 7
Badge +21
Sadly choices must be made:

Keep your NAS secure and don't get your music.
Wait for Sonos to update and don't get your music until they do. (no announcement of any fix has been made)
Lower your security and get your music but risk security issues.
Add some new hardware with lower security on it and get your music.

Looking back at how long this has gone on and the people that have offered Sonos help in solving the problem I decided waiting longer wasn't an option.

Looking at the severity of the reported problems lowering my main NAS security wasn't an option.

Adding a $40 Raspberry Pi and a drive from my junk drawer got me my music while keeping my NAS safe so I went that route. It is a small fraction of what I have invested in Sonos gear and far less worrying than lowering my NAS security.

If Sonos ever gets us SMB v2 I'll have a spare Pi to play with when I move my library back to my NAS.
Thank you Stanley that is a very useful suggestion and I have an old HDD and have been looking for an excuse to try doing something with a Raspberry PI. It is extraordinary that SONOS is happy to put its customers at risk of WannaCry they need to be embarrassed into fixing this by lots of pressure from users. Lets hope they are listening but not likely based on the time taken so far.
Userlevel 7
Badge +20
It is extraordinary that SONOS is happy to put its customers at risk of WannaCry they need to be embarrassed into fixing this by lots of pressure from users.
While I completely agree that Sonos should update its SMB support to include versions later than v1, just for the record: the WannaCry vulnerability was already fixed in Windows months before the WannaCry exploit emerged. If folks choose to run un-patched or unsupported operating systems, they have much to worry about beyond SMB vulnerabilities. WannaCry is also a Windows-only exploit, and I don't know of any NAS devices running Windows.
Userlevel 7
Badge +20
Thank you Stanley that is a very useful suggestion and I have an old HDD and have been looking for an excuse to try doing something with a Raspberry PI.
There are lots of other fun Sonos things you can do once you've set up your rPi. Just as a couple of examples: AirConnect enables direct AirPlay on all of your Sonos speakers, and Sonos HTTP API allows you to use simple URLs to automate control of your Sonos system. Both are open source.