We are writing summer 2019 and still Sonos only supports SMB version 1 for the Music Library share.
This is not acceptable.
A file share running SMB1 is extremely vulnerable to all the variants of cryptolocker virus that exists today. File share servers (NAS, Windows, Apple OS) can only support one version of SMB - so you cannot from the same box have one file share (for Sonos) using SMB1 and the other file shares using SMB2 or SMB3. This way Sonos puts each and every file share at serious risc - just because they don’t update their file share protocol to comply with this century.
And for the record - the “solution” through PLEX is not a solution. Unstable at best.
Page 9 / 12
+9
I’m not an expert on that but I think running SMB v1 on anything does have security issues. Too lazy to dig into the details as they likely vary by Linux distribution.
Avoiding the issue, I went with a dedicated SMB v1 NAS based on a Raspberry PI here and set up a friend with a NFS to SMB v1 gateway on a Pi Zero W.
This has been an open issue for so long expecting a change isn’t realistic. Not saying it won’t come, but don’t hold your breath. Instead pick a safe work-around and move on.
The .Net Core option sounds interesting but my problem is solved.
I have read your posts elsewhere on using a raspberry pi as a Gateway. For a dozen years I was running a dlink 323 only for Sonos and leaving it on SMB1. That box has died and my main NAS which I won’t allow the unsecured smb1 to run on could certainly hold my ~20,000 tracks and the gateway idea seems to make sense. I am far more proficient at networking than I am at coding…. and I’ve never used a pi but I love the idea of what you present and the cost is lower which is great. The comments that you make about how to set that up seem generally simple to follow but I was curious if that is a complete instruction set or if that is a small portion of a much larger assumption that someone would have complete understanding of setting up the pi? Also is there a general security issue with having any device running version one even the pi as a Gateway? That would not itself cause the issues that we are trying to avoid?
Curious as to whether you’ve read the thread before posting to it?
I am so puzzled at the lack of support for NAS users.
Am I the only one with old, weird music that is impossible to find elsewhere?
And if Sonos does not want to support NAS, could they not support OneDrive instead?
Oh well, since I do not know what I am doing it took me forever to figure out the SMB1 solution.
But now it is done. Until the next hiccup.
Bose, here I come!
Userlevel 7
+22
I’m not an expert on that but I think running SMB v1 on anything does have security issues. Too lazy to dig into the details as they likely vary by Linux distribution.
Avoiding the issue, I went with a dedicated SMB v1 NAS based on a Raspberry PI here and set up a friend with a NFS to SMB v1 gateway on a Pi Zero W.
This has been an open issue for so long expecting a change isn’t realistic. Not saying it won’t come, but don’t hold your breath. Instead pick a safe work-around and move on.
The .Net Core option sounds interesting but my problem is solved.
A file share running SMB1 is extremely vulnerable to all the variants of cryptolocker virus that exists today.
I was under the impression that this was for old unpatched versions of Windows...
Are you saying that my Samba server runing under Linux is vulnerable to this family of exploits when allowing SMB1?
Userlevel 7
+23
If NAS users want a solution, they just need to get the http server running on those NASs, which would take a few hours of work. However there has been zero interest expressed in this work to date.
Are you saying that that I could get this to work over HTTP with a few hours of work? Care to share?
Sure, PM me and I’ll give you the details. Requirement: A NAS platform that can run .NET Core and knowledge of C#.
Sonos could simply delete SMB support tomorrow
Yes they could.
(which would be the most secure option)
Because HTTP is secure and SMB is insecure? Or are you referring to the issue that is only affecting Windows?
If NAS users want a solution, they just need to get the http server running on those NASs, which would take a few hours of work. However there has been zero interest expressed in this work to date.
Are you saying that that I could get this to work over HTTP with a few hours of work? Care to share?
Sonos have the telemetry to know how many users rely on file servers
You mean from the thing most advanced users turn off when they set up their system?
Userlevel 7
+23
A bigger concern for me would be if Sonos want to stop supporting local file servers completely.
Sonos could simply delete SMB support tomorrow (which would be the most secure option), and those of us using PCs or Macs to host music files would still be fine, as SMB is not required for those platforms any more.
If NAS users want a solution, they just need to get the http server running on those NASs, which would take a few hours of work. However there has been zero interest expressed in this work to date.
Sonos have the telemetry to know how many users rely on file servers, and how many of those use NASs and need SMB support. One can only assume the numbers are small enough for them to not be too concerned about that demographic.
A bigger concern for me would be if Sonos want to stop supporting local file servers completely.
……….
But I realize I might be a dying minority that don't pay a monthly fee to listen to the music I have already bought.
Same here… I’ve tried out a few subscription services, but I’d have to buy into multiple services simply to access the range of music that I already ‘own’.
I haven’t automatically accepted any updates since 5.x, when (from my point of view) they messed up the interface, and currently lock down everything tight unless I have a real need to open anything up. Usually updating costs me money - e.g. yet another perfectly capable device is obsolete, from a Sonos point of view.
I think that we just have to accept that we are no longer the target audience, and take whatever steps are necessary to be able to use our kit in the way that we want to, until it dies. I feel much happier now that suitable alternatives are available - and not only much cheaper but more capable. I speak as someone, though, who has no need for multi-room in sync playing, so my options are perhaps more open than some.
Curious as to how they’ve monetized Sonos Radio. I’m not paying a subscription fee to Sonos, so far….or to anyone else. Unless you mean the same advertising as terrestrial radio already has.
I’m not worried about data collection, could care less!
I was responding to your comment “I know they don’t sell my personal data, but what about aggregate”
It is not very likely that they do, as there isn't anything left to sell.
Userlevel 7
+14
That’s true historically right, but do we know the current state? Maybe they’ve sold out with S2 and we dont know it lol. Also Have they monetized their data collection? - I know they don’t sell my personal data, but what about aggregate? Don’t forget about Sonos radio, they’ve monetized that!.
I don't think you need to worry about data collection from Sonos for streaming services. There is nothing left to collect. Amazon, Google or Spotify is already collecting everything with surgical precision every time you play a track, since these services handle everything for Sonos.
I don't think you need to worry about data collection for playing your local library either. If data collection was their intent they would have been a lot more eager to support local services….
I’m not worried about data collection, could care less!
That’s true historically right, but do we know the current state? Maybe they’ve sold out with S2 and we dont know it lol. Also Have they monetized their data collection? - I know they don’t sell my personal data, but what about aggregate? Don’t forget about Sonos radio, they’ve monetized that!.
I don't think you need to worry about data collection from Sonos for streaming services. There is nothing left to collect. Amazon, Google or Spotify is already collecting everything with surgical precision every time you play a track, since these services handle everything for Sonos.
I don't think you need to worry about data collection for playing your local library either. If data collection was their intent they would have been a lot more eager to support local services….
Userlevel 7
+14
That’s interesting. Given that they don’t make any money from any streaming service’s monthly subscription, I’m not sure I would understand any real pressure, other than that of supporting what people are doing generally. But I too would be distressed if they were to remove that capability.
That’s true historically right, but do we know the current state? Maybe they’ve sold out with S2 and we dont know it lol. Also Have they monetized their data collection? - I know they don’t sell my personal data, but what about aggregate? Don’t forget about Sonos radio, they’ve monetized that!.
This doesn’t lead me to thinking they will drop local music support. But they’ve been neglecting this for a long time, besides the smb issue, real lack of new features added to local playback, so maybe
Just pure baseless speculation on my part.
Userlevel 7
+22
Tick me off too, a fair amount of what I like to listen to isn’t available from streaming sources.
That’s interesting. Given that they don’t make any money from any streaming service’s monthly subscription, I’m not sure I would understand any real pressure, other than that of supporting what people are doing generally. But I too would be distressed if they were to remove that capability.
Plenty of effort and probably considerable political maneuvering has been spent on supporting Alexa integration (and lately Google support.)
When you are talking to your Sonos One you are unable to request your local music, but have to request Amazon music. Coincidence? What do you think Amazon would like you to play, in return for all the generous support they spent on helping with the Sonos/Alexa integration? There are Alexa skills for turning random stuff on and off around your house, for crying out loud. Do you think the built-in Alexa capability *really* couldn't tell your Sonos to play Rammstein from your local library if they wanted that to happen?
So as a user group we find support for our local music libraries being in the background. We are on a deprecated file system. We have no support for voice integration. And all the big guys are trying to push Sonos over to their echo systems. Our days might be numbered.
That’s interesting. Given that they don’t make any money from any streaming service’s monthly subscription, I’m not sure I would understand any real pressure, other than that of supporting what people are doing generally. But I too would be distressed if they were to remove that capability.
A bigger concern for me would be if Sonos want to stop supporting local file servers completely. Sonos is under a lot of pressure from the cloud crowd to focus only on Amazon music, Spotify, Google Play, Soundcloud, etc, etc…
There is a lot of money and politics involved. No big business want you to play your files from home. Not a single company thinks this is good for their bottom line. Myself I have been running local file servers with my Sonos farm since 2006, and this is the one reason I have stuck with Sonos. If Sonos ditched local file support I might just as well use my Echo Dots and get some cheap amps for those in listening locations.
But I realize I might be a dying minority that don't pay a monthly fee to listen to the music I have already bought.
Userlevel 7
+22
That may or may not work, many NAS devices today refuse to support SMB v1 due to the security issues, others will if you can find the proper settings.
Even if a device supports v1 now that may be removed if it is updated.
think i’ll just buy a $50 NAS drive on eBay and leave it as that
Userlevel 7
+22
Having the newer options available would be noce, many of us had hoped to see them with the S2 release and were disapointed they didn’t make the cut.
The setup isn’t too bad, really just a few edits to existing files. Another option is to just use the Pi as your Sonos Music Library which is what I do here. A Pi Zero-W (you need the W, not just the Zero) will do the job and is often available for $5.00 just add a USB power supply and a micro SD card and you are good.
https://stan-miller.livejournal.com/650.html
Pi is cheaper elsewhere but Amazon is easy to link to. You’d want this kit and a SD card that is shown below the Pi section.
https://smile.amazon.com/CanaKit-Raspberry-Wireless-Official-Supply/dp/B071L2ZQZX/ref=sr_1_7
wow, that seems complicated and I’m on a mac :(
Userlevel 7
+22
You can easily create a NAS to SMB v1 gateway on most any computer so that you don’t have to run v1 on your NAS.
This is specifically for a Pi but the same basic settings should work about anywhere.
https://stan-miller.livejournal.com/357.html
Waiting / asking for a newer version has not been productive, I’ve been waiting since v2 came out in 2006.
Please sort it out as I can’t backup to my NAS drive as the OS on those systems won’t backup to NAS with v1. So I’m stuck and have to have a special NAS drive for Sonos with old school stuff on it.
Very disappointed in Sonos. I have just updated all my older speakers to support S2 and still they are running a version of SMB known to be insecure SMB V1, even on the new S2 APP. This version of SMB was superseded over 3 years ago. Come on Sonos Sort this out, stop putting our systems at risk.
Page 9 / 12
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.