SMB2 (or SMB3) support must be supported NOW!


Userlevel 5
Badge +2
We are writing summer 2019 and still Sonos only supports SMB version 1 for the Music Library share.



This is not acceptable.



A file share running SMB1 is extremely vulnerable to all the variants of cryptolocker viruses that exist today. File share servers (NAS, Windows, Apple OS) can only support one version of SMB - so you cannot from the same box have one file share (for Sonos) using SMB1 and the other file shares using SMB2 or SMB3. This way Sonos puts each and every file share at serious risk - just because they don’t update their file share protocol to comply with this century.



And for the record - the “solution” through PLEX is not a solution. Unstable at best.

281 replies

Userlevel 1
Badge +1

LOL!  Exactly. Defending Sonos for obvious reasons. Like I said, take a look at the boards and understand what Sonos’s customers want. Step into the 21st century and give your customers something other than SMB1.   Otherwise people will leave. 
 

I have spent $1,000+ on Sonos and love the platform but if you think SMB1 is acceptable, then I am out along with a lot of other people on this board. 

Userlevel 7
Badge +23

Do I think SMBv1 is a good idea? No. Do I think Sonos will fix it? Hmm probably not IMHO. Engineering decisions are driven by various criteria, such as number of customers affected (tiny), complexity of fix (low for S2 assuming the Linux kernel has already been updated and I have no idea if that has happened, high if not), availability of workarounds (there are lots) and risk of the security issue (debatable).

Userlevel 1
Badge +1

SMH. 

Userlevel 1

Come on Sonos, where is SMB2/3 support for S2 hardware?

Userlevel 7
Badge +22

Take the time to go back and read the history on this issue. I’m not going to re-do all the work I’ve put in in the past and I expect others feel the same just to save you looking it up.

I will sum it up quickly, Sonos has long used an unsupported version of Linux that they have manually patched with the bare minimum stuff needed to stay secure. SMB didn’t make the cut because it required a newer kernel that wouldn’t fit on the older hardware. Making it worse the newer SMB is bigger too.

There is hope but it involves Sonos doing a new kernel and that is mind-bendingly difficult. Then they have to port all their patches and tweaks to the new kernel. Then they have to do the applications. And finally when the core is complete they need to port the Sonos software onto the kernel/GPL base.

Userlevel 7
Badge +22

Oh, forgot to add, I don’t work for Sonos and I have not been quiet or kind to them over many of their decisions that have had negative impacts on me.

A 20 minute / 20 buck fix to a minor problem just doesn’t rise to that level.

Userlevel 1

Take the time to go back and read the history on this issue. I’m not going to re-do all the work I’ve put in in the past and I expect others feel the same just to save you looking it up.

I will sum it up quickly, Sonos has long used an unsupported version of Linux that they have manually patched with the bare minimum stuff needed to stay secure. SMB didn’t make the cut because it required a newer kernel that wouldn’t fit on the older hardware. Making it worse the newer SMB is bigger too.

There is hope but it involves Sonos doing a new kernel and that is mind-bendingly difficult. Then they have to port all their patches and tweaks to the new kernel. Then they have to do the applications. And finally when the core is complete they need to port the Sonos software onto the kernel/GPL base.

Stanley, thanks for the summary. That explains it more clearly than the other posts I’d been flipping through. 

I don’t fully understand the kernel memory issue as I’m not that technical. Does Sonos still use the same kernel on both the S1/S2 hardware, so is that why the S2 hardware won’t be updated with a kernel supporting SMB2, even though S1 is now legacy equipment?

 

 

Userlevel 7
Badge +22

Knowing what Sonos is actually doing has always been hard, almost impossible now that they locked us out of almost all internal data.

I think both S1 and S2 are still on the same old kernel, can’t prove it though. If you dig through the Sonos GPL documentation you might find evidence of their direction.

I’m sure the S2 will migrate to a newer kernel, maintaining the old one is likely getting more and more difficult. Once migrated it would actually be difficult to force many of the new native protocols back to the antique versions S1 is limited to. When is hard, times are grim and free money to do things is short everywhere, the change will not be cheap.

 

Memory in Sonos comes in two basic flavors, persistent code/data storage, where the data like music index and playlists live and the programs downloaded from Sonos that run the hardware reside when the device is powered down and random access memory where the programs are run and transient data stored, all that is blanked at power down.

There are charts around that show the amounts of memory in the different devices and versions. The main take-away is the S1 stuff has much less of both types of memory than the S2 stuff.

The lack of memory has forced Sonos to make some hard choices pre-split, removing stuff some customers really liked in order to add new stuff that more customers wanted. With the S2 split they can keep adding to the S2 gear while leaving the S1 alone and not aggravating the S1 owners.

Come on SONOS get with the times when DSM 7 becomes GA. You will be getting a lot of calls as Synology do not support SMB 1.0 by default.

Userlevel 2
Badge

OK, I am now hit with this issue, I have the Synology DSM beta installed and I now cannot connect my Sonos system as they have disabled NTLMv1.

More info here

[Update] Lost SMB access with NTLMv1 in DSM 7 Beta | Synology Community

I don’t understand what this means apart from I now cannot access my music.

OK, I am now hit with this issue, I have the Synology DSM beta installed and I now cannot connect my Sonos system as they have disabled NTLMv1.

More info here

[Update] Lost SMB access with NTLMv1 in DSM 7 Beta | Synology Community

I don’t understand what this means apart from I now cannot access my music.

Hi Mick

You will need to install the “SMB Service” package on your DSM 7 NAS drive to enable SMB 1 protocol and get your music library back.

It worked for me.

Userlevel 2
Badge

Yes I have done that but I wonder how long Synology will provide that!

Dunno but it should be OK with DSM 7 as it’s an additional add on. 
 

I think the main point here with SONOS is for them to update their software so that this can be uninstalled from DSM and reduce a security risk and get it working by default.

Userlevel 7
Badge +22

My first choice would be for Sonos to drop SMB v1 and enable the new versions too.

As an alternative you can easily set up a gateway from your NAS, using any Linux supported protocol to the required SMB v1 for Sonos.

 

Not great but it sure beats burning your Sonos gear in the drive in protest. :-)

Another user affected by the upgrade to DSM 7 and losing access to the music folder.

Using android and synology, I do not see any options to cast music to sonos. 

@Sonos - either support chromecast on sonos arc to cast from android or at least upgrade to SMB 2 or 3 and allow access to the music files from within sonos app

 

Edit: updated to refer to sonos to support chromecast with Sonos Arc, One SL 

@Simmo1969 has already posted a solution in this thread. 

Synology, to my knowledge, maintains no official presence in these Sonos forums. You may be better off contacting their CS directly, as posting your unhappiness here likely has no impact on them (although will hopefully stoke the fires for Sonos, but we’ll have to see).

@Simmo1969 has already posted a solution in this thread. 

Synology, to my knowledge, maintains no official presence in these Sonos forums. You may be better off contacting their CS directly, as posting your unhappiness here likely has no impact on them (although will hopefully stoke the fires for Sonos, but we’ll have to see).

That solution didn’t work for me.

I did have the SMB service installed after DSM 7 upgrade and enabled SMB V1 - but still ended up with invalid username / password error message even though the share can be accessed with the same credentials from a Mac.

The method by which the speakers reach the shared location is via SMB v1, the same cannot be said for the controller running on your computer. With SMB v1 now active, I would recommend that you submit a system diagnostic, and call Sonos Support to discuss it, or post the diagnostic number here for a Community Moderator to pick up.

There may be information included in the diagnostic that will help Sonos pinpoint the issue and help you find a solution.

When you speak directly to the phone folks, there are more options available beyond just the diagnostic analysis. 

Userlevel 7
Badge +22

My suggestion of using a NAS to SMB v1 gateway keeps looking better and better.

Not saying the issue isn’t real, just that it is a minor aggravation, not a show stopper.

I’ve not read all of it (and I won’t), but I read the sum up of page 6 of Stanley 4.
If not smb2/3 because of explained reasons then why not nfs? As far as I know NFS is smaller, less cpu intensive and more light weight than samba. (Samba/cifs comes from the windows side)
NFS is even linux native and most (good) NAS systems provide that as well.


I currently share my music via nfs to a virtual machine which is running nothing else than a samba server providing smbv1 as I don’t want that on my main server. And all that only for sonos.
I did spend some money on sonos, but I’m still missing a lot of devices across the house, I’m currently considering selling them and move to a different product if the situation does not improve.
After all, those devices are far away from cheap. One could expect that they spent some of that money in hardware that is more future proof than “that one kernel version that they build at day 1”.
I know many people that did not buy sonos just because of this situation here and they still laugh at me.

This is pure speculation but I could imagine that the real reason for them still running that same old kernel is because they’ve lost the one person building/maintaining it and now it’s a “black box” and nobody dares to touch it.

I’d buy in to that pure speculation, if I hadn’t have been in similar situations in the past, where only one person on the team had specific knowledge, and when that team member left, it was a pretty quick decision to have not only a rewrite of the software done, but ensure it was properly annotated, and multiple people were able to maintain it. That has happened to me, exactly once, and will never again. 

My own speculation remains that there isn’t enough available memory in the S1 devices to implement a new, larger, and SMB v x>1 kernel. Which is why I have some hopes that the next version of Sonos S2 that isn’t just bug fixes, will include a new kernel. I have zero expectations that any S1 only device would get it, so those who are running S2 capable devices under S1 would not garner the benefit. 

Hi, I have not been able to read the entire thread, but I can see we are still talking about SMB2/3 support vs SMB1. I found all this while trying to set up a music library on a Raspberry PI.

 

About half of my job is pentesting and I think I’ll be mostly preaching to the choir here, but I could probably count on all of our fingers and toes how many Credit Unions and Banks my company has fully compromised due to the use of SMBv1 and/or lack of SMB Signing. (and maybe run out of hands and feet.)

 

SMB Signing could potentially solve the issue as well, however, I read a post explaining that SMB has been deprecated by Sonos in favor of HTTP, which still transmits in clear text, but it isn’t the data we are protecting (music) it is the network authentication credentials and identities of computers/users but removing SMBv1 in favor of more secure authentication protocols.

 

The danger as I understand it would be an attacker’s ability to impersonate devices and initiate a Man-in-the-Middle attack. With SMB Signing required for Samba and Windows hosts alike (all compatible systems), the attacker would not be able to utilize this attack vector. Unfortunately, if the network in question had any hosts utilizing NTLMv1 and Broadcast Domain Services such as MDNS, NBT-NS, or LLMNR, an attacker may still be able to capture NTLM hashes, likely resulting in the compromise of the system or network utilizing those credentials.

 

All of this aside, I opened up Wireshark when I heard about the HTTP over SMBv1 situation, and I can confirm that using Sonos S1 with Gen 1 Play 5 and 2-Gen 1 Play 1’s that HTTP and HTTP/XML is in use, and I have yet to see an SMB packet while playing music from a local library on a Windows 10 machine.

 

So my question is, since HTTP is now in use over SMB of any kind, is the conversation about using SMBv2/3 even worth having? If so, could someone please explain this to me?

Userlevel 7
Badge +22

Sonos only offers the HTTP option for Windows and Mac, not NAS devices.

Security flaws in SMB v1 aren’t very scary as long as the SMB v1 device contains no sensitive information of any kind. Also for Sonos use there is no reason not to firewall the SMB server away from the Internet completely.

 

NFS might be an option but it would also require some additional storage and memory and the older Sonos have been having features removed, some of which appear to have been removed to open up memory for newer features. Sonos releases little so all is based on speculation, not facts but it sure looks like a low memory situation. 

 

I’ll stick to one of two options, a dedicated SMB v1 Sonos music server, my current option. Second a NAS (any supported Linux protocol) to SMB v1 Gateway. Neither of which require any sensitive data. The Gateway, if using WiFi and not Ethernet will need your WiFi password though.
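
A config check for the dedicated SMB v1 server / gateway setup discussed in this thread, added here as an example and not code from any poster, Sonos or Synology. It assumes the gateway runs Samba 4.11 or later; the finding names, share names and subnet are made up for illustration. SMB1 and NTLMv1 are reported but treated as the accepted cost of the legacy client, so the check concentrates on whether the box also exposes writable or host-unrestricted shares.

```python
SMB1_DIALECTS = {"core", "coreplus", "lanman1", "lanman2", "nt1"}
TRUE = {"yes", "true", "1"}

def parse_smb_conf(text):
    """{section: {param: value}}; Samba ignores case and whitespace in names."""
    conf, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and line[0] not in "#;" and section is not None:
            key, value = line.split("=", 1)
            section["".join(key.split()).lower()] = value.strip().lower()
    return conf

def audit(text):
    """Return hypothetical finding ids for a server that still speaks SMB1."""
    conf = parse_smb_conf(text)
    g = conf.pop("global", {})
    # Assumption: Samba 4.11+, where an unset minimum dialect means SMB2.
    if g.get("serverminprotocol", g.get("minprotocol", "smb2_02")) not in SMB1_DIALECTS:
        return []
    findings = ["smb1-enabled"]
    if g.get("ntlmauth") in {"yes", "ntlmv1-permitted"}:
        findings.append("ntlmv1-permitted")
    for name, share in sorted(conf.items()):
        eff = {**g, **share}  # share settings override [global] defaults
        if eff.get("readonly", "yes") not in TRUE or any(
                eff.get(k) in TRUE for k in ("writeable", "writable", "writeok")):
            findings.append(f"writable:{name}")  # ransomware can modify files
        if "hostsallow" not in eff and "allowhosts" not in eff:
            findings.append(f"unrestricted-hosts:{name}")
    return findings

# Constructed sample configs (share names and subnet are made up).
GLOBAL = """[global]
   server min protocol = NT1
   ntlm auth = ntlmv1-permitted
"""
SHARED_NAS = GLOBAL + "[music]\n read only = no\n[documents]\n writable = yes\n"
GATEWAY = GLOBAL + " hosts allow = 192.168.10.0/24\n[music]\n read only = yes\n"

if __name__ == "__main__":
    print("shared NAS:", audit(SHARED_NAS))
    print("gateway:   ", audit(GATEWAY))
```
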

Userlevel 2
Badge

Sonos, this is ridiculous and thoroughly embarrassing.  You have a premium product for a premium price.  Stop acting like some cheap Chinese knockoff.  I suppose next you’re going to tell me only Internet Explorer and SSL 2.0 are supported on your website.

That would indeed be odd, since both of those run on your local device or the server, and not on the limited memory of the Sonos equipment.
