As reported in many other topics apparently it's still necessary to use SMB1 for playing music from a Synology Diskstation system? It's now 2021 and I just had to change the settings on my diskstation to allow the unsecure SMB1 in order to be able to add a shared folder to my Sonos music library.
Sonos seems to be closing all topics on this forum about this subject for further comments, but is not addressing the problem?
+22
I originally went the “cheap NAS” route, soon discovered WD had abandoned it and wasn’t providing security updates. I felt it wasn’t safe to leave on line at that point.
If you look at the Pi SMB v1 setup instructions it is dead simple and only takes a few minutes. The Pi is designed to keep getting security and other updates for the foreseeable future.
No big deal which way you go aside from enabling SMB v1 on a NAS holding important data. That is a non-starter in my opinion.
I am not aware of Sonos closing any thread on this dead-horse-beating topic. The largest thread I think is this one:
Sonos has shown no signs of addressing this problem, correct. Because, I assume, too few customers use NAS devices to make it worth their while, and there are other work-arounds available.
in my humble opinion this assumption has not been confirmed by SONOS - let us just hope Synology will not drop SMBv1 support some day
At present, the next major release of DSM, DSM 7, has dropped support for SMB1. There is currently a workaround, but I wouldn’t count on it for release, or for long term support. See - https://community.synology.com/enu/forum/20/post/139200
+22
There are other work-around options, a NAS to SMB v1 gateway on a Raspberry Pi Zero W is my favorite solution.
Far better in my opinion than enabling SMB v1 on your NAS.
I’ve found a workaround for using S1 with a Synology NAS without activating SMB1.
You might need to add a wired connection to your Connect as I encountered bandwidth issues. But with an ethernet cable plugged in, this setup ran smoothly.
I originally went the “cheap NAS” route, soon discovered WD had abandoned it and wasn’t providing security updates. I felt it wasn’t safe to leave on line at that point.
I can’t say that I’m overly bothered - it’s not exposed to the outside world, so they need to get into my network first.
No big deal which way you go aside from enabling SMB v1 on a NAS holding important data. That is a non-starter in my opinion.
Absolutely - all my non-Sonos data is on a much more secure Synology.
+22
I think the forum software locks older inactive topics, check the last post and last post date.
SMBv1 security isn’t really an issue, If you really care about it you’d use either a dedicated SMBv1 NAS or a NAS to SMBv1 gateway and remove the security issue.
The best solution is to use Plex, instead of a fileshare.
this have the bonus of providing access from a phone or desktop pc to the music library everywhere.
Thank you for this! Genius and I just killed SMB1 on my Synology. Works great and now secure. Love me some Plex.
Yes, that is stupid.
But at least we have a choice between a known exploitable SMB1 setup, and Plex.
Having said that. Sonos should have fixed this.
Yes, that is stupid.
But at least we have a choice between a known exploitable SMB1 setup, and Plex.
Having said that. Sonos should have fixed this.
Which must surely be just as exploitable if you leave the TCP Port open (usually port 32400 by default) and not have the Plex service running on that port because you have shut down the Plex server, or have enabled UPNP on your router in order to use a dynamically assigned TCP port … I think I prefer to take my chances with SMBv1 given the choice.
It’s mentioned in various threads here that Sonos were not able to upgrade the SMB protocol on the ‘old’ Linux kernel, but they were able to introduce it on the newer S2 setup - that has now been done.
Ideally, it’s a far better option to upgrade/switch to the new S2 Sonos system as soon as practicable.
+22
If you can put a firewall rule set in place to keep your SMB v1 NAS off the Internet completely that is a reasonable choice.
The problem with a lot of these devices is that they want access to remote servers/services and are aggravating in various ways if they don’t get it. Some stuff you can spoof to a local server like NTP but other stuff is more difficult or impossible to spoof.
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
