SMB2 (or SMB3) support must be supported NOW!




Userlevel 7
Badge +23

They have a Windows client they regularly update.  There is no reason they couldn’t do a secure proxy through their own software without additional configuration or accommodation by their users.  Windows programmers are not rare, nor necessarily expensive.  Again, Sonos is a “premium” product and they charge accordingly for those products.  So I get it, you think we should all roll out our own hardware to address Sonos’s unwillingness to address well-known, long-existing security flaws.  So noted, I respectfully disagree.  We can agree to disagree.

The Windows client already includes SonosLibraryService, which is a proxy designed specifically to avoid the SMB problem. SMB is not required when sharing files from Windows (or Mac) devices, this is purely a NAS issue.

Userlevel 2
Badge

Well one of my speakers is the new Play One which Sonos said we needed to support Airplay and other features.  I imagine implementing Alexa is a little more memory demanding than adding an SMB2 stack.

 

Actually no, Alexa is an app that can easily run on the current Linux kernel. SMB is a system service that is tightly integrated into the current kernel. Going to v 2 or 3 requires a newer kernel, as well as porting all the Sonos patches and tweaks. Not fast or easy and you don’t find Linux kernel programmers cheap either.

They have a Windows client they regularly update.  There is no reason they couldn’t do a secure proxy through their own software without additional configuration or accommodation by their users.  Windows programmers are not rare, nor necessarily expensive.  Again, Sonos is a “premium” product and they charge accordingly for those products.  So I get it, you think we should all roll out our own hardware to address Sonos’s unwillingness to address well-known, long-existing security flaws.  So noted, I respectfully disagree.  We can agree to disagree.

Userlevel 7
Badge +22

Been saying that for many years, no Sonos update in sight.

Easy solution to the security issues is to use a NAS to SMB v1 gateway so your NAS can run in secure mode but Sonos can see your music through the v1 gateway.

I did it on a Raspberry Pi, a Zero W is a good choice.

https://stan-miller.livejournal.com/357.html

I just started using Sonos and tried to connect to a Synology NAS. The S2 controller was showing error messages that made no sense (https://support.sonos.com/s/article/262?language=en_US&utm_source=cr-care&utm_medium=serverstack&utm_campaign=de-cr-care-serverstack).

 

I finally found this and reactivated SMB1 which I feel uncomfortable with because it is old and full of security flaws.

 

Sonos need to get their act together and implement SMB3 asap.

Userlevel 7
Badge +22

Well one of my speakers is the new Play One which Sonos said we needed to support Airplay and other features.  I imagine implementing Alexa is a little more memory demanding than adding an SMB2 stack.

 

Actually no, Alexa is an app that can easily run on the current Linux kernel. SMB is a system service that is tightly integrated into the current kernel. Going to v 2 or 3 requires a newer kernel, as well as porting all the Sonos patches and tweaks. Not fast or easy and you don’t find Linux kernel programmers cheap either.

Userlevel 2
Badge

That would indeed be odd, since both of those run on your local device or the server, and not on the limited memory of the Sonos equipment.

Well one of my speakers is the new Play One which Sonos said we needed to support Airplay and other features.  I imagine implementing Alexa is a little more memory demanding than adding an SMB2 stack.

That would indeed be odd, since both of those run on your local device or the server, and not on the limited memory of the Sonos equipment.

Userlevel 2
Badge

Sonos, this is ridiculous and thoroughly embarrassing.  You have a premium product for a premium price.  Stop acting like some cheap Chinese knockoff.  I suppose next you’re going to tell me only Internet Explorer and SSL 2.0 are supported on your website.

Userlevel 7
Badge +22

Sonos only offers the HTTP option for Windows and Mac, not NAS devices.

Security flaws in SMB v1 aren’t very scary as long as the SMB v1 device contains no sensitive information of any kind. Also for Sonos use there is no reason not to firewall the SMB server away from the Internet completely.

 

NFS might be an option but it would also require some additional storage and memory and the older Sonos have been having features removed, some of which appear to have been removed to open up memory for newer features. Sonos releases little so all is based on speculation, not facts but it sure looks like a low memory situation. 

 

I’ll stick to one of two options, a dedicated SMB v1 Sonos music server, my current option. Second a NAS (any supported Linux protocol) to SMB v1 Gateway. Neither of which require any sensitive data. The Gateway, if using WiFi and not Ethernet will need your WiFi password though.

Hi, I have not been able to read the entire thread, but I can see we are still talking about SMB2/3 support vs SMB1. I found all this while trying to set up a music library on a Raspberry PI.

 

About half of my job is pentesting and I think I’ll be mostly preaching to the choir here, but I could probably count on all of our fingers and toes how many Credit Unions and Banks my company has fully compromised due to the use of SMBv1 and/or lack of SMB Signing. (and maybe run out of hands and feet.)

 

SMB Signing could potentially solve the issue as well, however, I read a post explaining that SMB has been deprecated by Sonos in favor of HTTP, which still transmits in clear text, but it isn’t the data we are protecting (music), it is the network authentication credentials and identities of computers/users but removing SMBv1 in favor of more secure authentication protocols.

 

The danger as I understand it would be an attacker’s ability to impersonate devices and initiate a Man-in-the-Middle attack. With SMB Signing required for Samba and Windows hosts alike (all compatible systems), the attacker would not be able to utilize this attack vector. Unfortunately, if the network in question had any hosts utilizing NTLMv1 and Broadcast Domain Services such as MDNS, NBT-NS, or LLMNR, an attacker may still be able to capture NTLM hashes, likely resulting in the compromise of the system or network utilizing those credentials.

 

All of this aside, I opened up Wireshark when I heard about the HTTP over SMBv1 situation, and I can confirm that using Sonos S1 with Gen 1 Play 5 and 2-Gen 1 Play 1’s that HTTP and HTTP/XML is in use, and I have yet to see an SMB packet while playing music from a local library on a Windows 10 machine.

 

So my question is, since HTTP is now in use over SMB of any kind, is the conversation about using SMBv2/3 even worth having? If so, could someone please explain this to me?
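Added example, not part of any post in this thread: a small Python audit of a Samba `smb.conf` for the settings the posts above turn on (SMB1 dialects, NTLMv1, SMB signing, and whether an SMB1 gateway share is read-only and restricted by `hosts allow`). The sample configuration and addresses are constructed, and the defaults applied to absent parameters are assumptions based on current Samba releases.

```python
# Defaults for absent parameters are assumptions from current Samba releases.
SMB1_DIALECTS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
TRUE = {"yes", "true", "on", "1"}
def parse_smb_conf(text):
    """Parse smb.conf text into {section: {parameter: value}} (names lower-cased)."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    conf, out = parse_smb_conf(text), []
    g = conf.get("global", {})
    smb1 = g.get("server min protocol", "SMB2_02").upper() in SMB1_DIALECTS
    if smb1:
        out.append("global: SMB1 accepted")
    if g.get("ntlm auth", "ntlmv2-only").lower() in ("yes", "ntlmv1-permitted"):
        out.append("global: NTLMv1 accepted")
    if g.get("server signing", "default").lower() != "mandatory":
        out.append("global: signing not mandatory")
    for name, share in conf.items():
        if name == "global" or not smb1:
            continue  # share isolation checks only apply to an SMB1 server
        get = lambda k, d: share.get(k, g.get(k, d)).lower()
        if get("read only", "yes") not in TRUE or get("writable", "no") in TRUE:
            out.append(f"{name}: writable over SMB1")
        if get("guest ok", "no") in TRUE:
            out.append(f"{name}: guest access over SMB1")
        if not get("hosts allow", ""):
            out.append(f"{name}: no hosts allow restriction")
    return out

# Constructed sample: an SMB1 gateway that re-exports a music folder read-only.
GATEWAY = """[global]
server min protocol = NT1
ntlm auth = ntlmv1-permitted
[music]
read only = yes
hosts allow = 192.0.2.10 192.0.2.11
"""
```

On the constructed gateway, `audit(GATEWAY)` reports only the three global findings that come with serving SMB1 at all, which is the exposure the gateway approach confines to a host holding nothing but music.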

I’d buy in to that pure speculation, if I hadn’t been in similar situations in the past, where only one person on the team had specific knowledge, and when that team member left, it was a pretty quick decision to have not only a rewrite of the software done, but ensure it was properly annotated, and multiple people were able to maintain it. That has happened to me, exactly once, and will never again. 

My own speculation remains that there isn’t enough available memory in the S1 devices to implement a new, larger, and SMB v x>1 kernel. Which is why I have some hopes that the next version of Sonos S2 that isn’t just bug fixes, will include a new kernel. I have zero expectations that any S1 only device would get it, so those who are running S2 capable devices under S1 would not garner the benefit. 

I’ve not read all of it (and I won’t), but I read the sum up of page 6 of Stanley 4.
If not SMB2/3 because of explained reasons then why not NFS? As far as I know NFS is smaller, less CPU intensive and more lightweight than Samba. (Samba/CIFS comes from the Windows side)
NFS is even Linux native and most (good) NAS systems provide that as well.


I currently share my music via NFS to a virtual machine which is running nothing else than a Samba server providing SMBv1 as I don’t want that on my main server. And all that only for Sonos.
I did spend some money on Sonos, but I’m still missing a lot of devices across the house, I’m currently considering selling them and move to a different product if the situation does not improve.
After all, those devices are far away from cheap. One could expect that they spent some of that money in hardware that is more future proof than “that one kernel version that they build at day 1”.
I know many people that did not buy Sonos just because of this situation here and they still laugh at me.

This is pure speculation but I could imagine that the real reason for them still running that same old kernel is because they’ve lost the one person building/maintaining it and now it’s a “black box” and nobody dares to touch it.

Userlevel 7
Badge +22

My suggestion of using a NAS to SMB v1 gateway keeps looking better and better.

Not saying the issue isn’t real, just that it is a minor aggravation, not a show stopper.

The method by which the speakers reach the shared location is via SMB v1, the same can not be said for the controller running on your computer. With SMB v1 now active, I would recommend that you submit a system diagnostic, and call Sonos Support to discuss it, or post the diagnostic number here for a Community Moderator to pick up.

There may be information included in the diagnostic that will help Sonos pinpoint the issue and help you find a solution.

When you speak directly to the phone folks, there are more options available beyond just the diagnostic analysis. 

@Simmo1969 has already posted a solution in this thread. 

Synology, to my knowledge, maintains no official presence in these Sonos forums. You may be better off contacting their CS directly, as posting your unhappiness here likely has no impact on them (although will hopefully stoke the fires for Sonos, but we’ll have to see).

That solution didn’t work for me.

I did have the SMB service installed after DSM 7 upgrade and enabled SMB V1 - but still ended up with invalid username / password error message even though the share can be accessed with the same credentials from a Mac.

@Simmo1969 has already posted a solution in this thread. 

Synology, to my knowledge, maintains no official presence in these Sonos forums. You may be better off contacting their CS directly, as posting your unhappiness here likely has no impact on them (although will hopefully stoke the fires for Sonos, but we’ll have to see).

Another user affected by the upgrade to DSM 7 and losing access to the music folder.

Using Android and Synology, I do not see any options to cast music to Sonos. 

@Sonos  - either support Chromecast on Sonos Arc to cast from Android or at least upgrade to SMB 2 or 3 and allow access to the music files from within Sonos app

 

Edit: updated to refer to Sonos to support Chromecast with Sonos Arc, One SL 

Userlevel 7
Badge +22

My first choice would be for Sonos to drop SMB v1 and enable the new versions too.

As an alternative you can easily set up a gateway from your NAS, using any Linux supported protocol to the required SMB v1 for Sonos.

 

Not great but it sure beats burning your Sonos gear in the drive in protest. :-)

Dunno but it should be OK with DSM 7 as it’s an additional add on. 
 

I think the main point here with SONOS is for them to update their software so that this can be uninstalled from DSM and reduce a security risk and get it working by default. 

Userlevel 2
Badge

Yes I have done that but I wonder how long Synology will provide that!

OK, I am now hit with this issue, I have the Synology DSM beta installed and I now cannot connect my Sonos system as they have disabled ntlmv1

More info here

[Update] Lost SMB access with NTLMv1 in DSM 7 Beta | Synology Community

I don’t understand what this means apart from I now cannot access my music

Hi Mick

You will need to install the “SMB Service” package on your DSM 7 NAS drive to enable SMB 1 protocol and get your music library back. 
 

It worked for me. 

Userlevel 2
Badge

OK, I am now hit with this issue, I have the Synology DSM beta installed and I now cannot connect my Sonos system as they have disabled ntlmv1

More info here

[Update] Lost SMB access with NTLMv1 in DSM 7 Beta | Synology Community

I don’t understand what this means apart from I now cannot access my music

Come on SONOS, get with the times. When DSM 7 becomes GA you will be getting a lot of calls as Synology do not support SMB 1.0 by default. 

Userlevel 7
Badge +22

Knowing what Sonos is actually doing has always been hard, almost impossible now that they locked us out of almost all internal data.

I think both S1 and S2 are still on the same old kernel, can’t prove it though. If you dig through the Sonos GPL documentation you might find evidence of their direction.

I’m sure the S2 will migrate to a newer kernel, maintaining the old one is likely getting more and more difficult. Once migrated it would actually be difficult to force many of the new native protocols back to the antique versions S1 is limited to. When is hard, times are grim and free money to do things is short everywhere, the change will not be cheap.

 

Memory in Sonos comes in two basic flavors, persistent code/data storage, where the data like music index and playlists live and the programs downloaded from Sonos that run the hardware reside when the device is powered down and random access memory where the programs are run and transient data stored, all that is blanked at power down.

There are charts around that show the amounts of memory in the different devices and versions. The main take-away is the S1 stuff has much less of both types of memory than the S2 stuff.

The lack of memory has forced Sonos to make some hard choices pre-split, removing stuff some customers really liked in order to add new stuff that more customers wanted. With the S2 split they can keep adding to the S2 gear while leaving the S1 alone and not aggravating the S1 owners.

Userlevel 1

Take the time to go back and read the history on this issue. I’m not going to re-do all the work I’ve put in in the past and I expect others feel the same just to save you looking it up.

I will sum it up quickly, Sonos has long used an unsupported version of Linux that they have manually patched with the bare minimum stuff needed to stay secure. SMB didn’t make the cut because it required a newer kernel that wouldn’t fit on the older hardware. Making it worse the newer SMB is bigger too.

There is hope but it involves Sonos doing a new kernel and that is mind-bendingly difficult. Then they have to port all their patches and tweaks to the new kernel. Then they have to do the applications. And finally when the core is complete they need to port the Sonos software onto the kernel/GPL base.

Stanley, thanks for the summary. That explains it more clearly than the other posts I’d been flipping through. 

I don’t fully understand the kernel memory issue as I’m not that technical. Does Sonos still use the same kernel on both the S1/S2 hardware, so is that why the S2 hardware won’t be updated with a kernel supporting SMB2, even though S1 is now legacy equipment?

 

 
