With all the recent reports and issues with the WannaCry ransomware I wanted to restrict use of SMB v1 on my home network. My NAS blocks this to the outside world but I wanted to secure things internally as well. I can configure the NAS to not support SMB v1 but this then prevents the Sonos controller app from seeing the share. When will Sonos support later versions of SMB? I had seen another thread on this somewhere and it sounded like it wasn't going anywhere. Is it possible to get an update on this please.
For those of us not using Windows to share our libraries, can we expect an update to HTTP or SMB 2/3 or are we locked in at smb1?
Is this HTTP file sharing a Sonos proprietary protocol, or are you utilizing an open standard?
Latest firmware release 8.6 deprecates smb1 in favor of http.
https://en.community.sonos.com/announcements-228985/sonos-8-6-app-improvements-and-new-windows-library-sharing-6808278
We're still looking into options for NAS drives but don't have any specific details I can share. The HTTP share is created by the Sonos app, which NAS drives don't and can't run. I'll make sure to let you all know if there's any news regarding NAS sharing away from SMB1 that I can let you in on in the future.
Thank You.
Can confirm it is working too.
Pete
Many NAS boxes do have the ability to run a web server... it's just a matter of getting things configured in such a way that Sonos would be able to connect to it... like the odd port number, authentication (if any), and any path structure that Sonos might use ahead of the actual folders/files.
Shouldn't be too hard to monitor with something like Wireshark, since it's HTTP. Of course, then getting Sonos to use it as a web service rather than SMB might be the next trick.
I consider this a weird hack to “solve” the issue of Win 10 dropping OOTB support for SMBv1 (for good reason!). We have asked for an alternative to SMBv1 for *years*, and now, only one month after the latest Win 10 version, you deliver a half-baked “solution”. Still, this is a weird hack, implementing a web server inside a client application to allow external (speaker) access to local files. Let us see how long it takes until someone finds a security issue inside the Sonos “client”, as I guess Sonos’ development strengths do not necessarily include secure HTTP servers. And what happens next, will the application become a fully functional email client (ref: http://www.catb.org/jargon/html/Z/Zawinskis-Law.html)?
Besides all the fuss: what is so difficult in implementing an SMBv2 or v3 client in Sonos speakers? I guess we all would accept any reasonable answer much more than just no communication and weird hacks/incomplete workarounds.
Jonas
As long as Sonos does not officially state the name of the actual Linux distro and, more importantly, the kernel version which is running on all of their zone players, we'll never know the particular reason for dodging a much required SMBv2/3 implementation.
Could be insufficient physical memory (at least on older components), a very much outdated kernel version or even a bit of both.
[quote=passopp]
Could be insufficient physical memory (at least on older components), a very much outdated kernel version or even a bit of both.
[/quote]
Considering IPv6 was recently discovered to be present on some newer speakers (namely, those that have been identified as having Airplay support coming soon, though someone found it on a newer Play:1 too), a lack of device resources on older devices is a good possibility for why SMBv1 hasn't been updated to a newer version. Of course, there's also the possibility that they're using multiple kernel versions, with newer devices on a newer version.
And while I know Macs aren't attacked as often as PCs are, this HTTP sharing process has been present with the MacOS Sonos controller for a while now... I scratched the surface of it over 8 months ago, but I think it had already been in use for a few months before then.
Sonos Linux source code is available, this post and the next few talk about that:
https://en.community.sonos.com/controllers-software-228995/support-for-smb-v2-or-v3-6787081/index3.html#post16228313
The 8.6 "solution" is no solution at all. NAS users tend to be the audiophiles who were drawn to Sonos for its audio quality and have ginormous libraries on NAS. And Sonos has ignored us for years. In fact, it seems they are preparing to abandon their most committed customers to compete with Echo, Home and HomePod.
But now that they are public, they will probably be more likely to respond to a social media campaign. As posters here know, they've consistently ignored the feedback from these forums. Join me on Twitter and let's see if they respond any differently: https://twitter.com/yobyot/status/1025790462072967169
Any news? In times of WannaCry Sonos should be much faster...
Like so many others before me, I find myself on these forum threads after having just purchased my first Sonos product and finding out it doesn't support any modern file sharing mechanisms.
Hi everyone, starting with today's update, Sonos 8.6, Windows computers will be able to set up shares to their local libraries to Sonos without using SMB file sharing.
For those of us who can't or don't want to use the Sonos app on the media server, is there any hope of seeing support for a standard like WebDAV, rather than the proprietary Sonos HTTP protocol? I don't even need TLS (in case certificate management is considered a showstopper), since my media is streamed over its own, isolated wired network.
If WebDAV is not on the horizon, as there have been no updates here for the past few months, may I again ask if SMBv2 or SMBv3 are going to be available any time soon?
I think you'll have time to plant a redwood tree, watch it grow, harvest and dry the lumber and build yourself a new deck for your Sonos to sit on before we hear even an announcement. :-)
Just get a Raspberry Pi and set it up to serve your music and be done with it. Maybe by the time the Pi goes out of support Sonos will have news.
Thought I would report my recent experience, via Twitter @SonosSupport. I asked about the status of attaching a NAS, which now does not seem to work unless you use SMB1 (in my case QNAP TS-253B, QTS 4.3.5).
FYI: https://www.qnap.com/en/how-to/faq/article/why-cant-i-find-my-nas-in-windows-file-explorer-after-installing-the-windows-10-fall-creators-update-version-1709/
Sonos says:
As discussed, the SMB1 security risk should no longer affect us as we have moved over to HTTP sharing now. If your library is still using SMB1, you can remove it and add it to Sonos again but this technically should have automatically happened.
Then:
Apologies. The NAS is still on SMB1, you are correct. We will pass on your request to have this changed to our development team. In the meantime, as we mentioned earlier, you can sync the NAS with Plex and add Plex to your Sonos system.
I tried the PLEX option and found it to be very unreliable. Meh solution by Sonos. We have 1.4TB music library, 5+ Sonos units, use .flac, and really hate "rented" (read further monetized) ugly-compressed streaming. Sure feels like we're doomed, unable to protect music library and Sonos investment.
The extensive posting on this issue demonstrates many unhappy customers. It’s just a huge lapse, frailty. If it’s bad enough for Microsoft to exit SMB1, security risk must be (read IS) pretty bad, and we respectfully request a robust fix urgently.
Could you point me to one Sonos system that fell victim to this "pretty bad" security risk? Just one.
With the change to HTTP sharing I'm sure SMB 2/3 has fallen even further down the "to do" list at Sonos.
Make up your mind if it is a problem for you or not and then ignore it or mitigate it and quit hoping for a Sonos fix.
Oh, and to make things even easier it is simple to set up a Pi as an SMB v1 repeater for your non-SMB v1 NAS. Pi 0w or A are good enough if you are too broke to get a 3b+.
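One way the SMBv1 relay mentioned above could be set up with Samba, as an added example that is not the poster's own configuration: the Pi mounts the NAS over SMB3 read-only and re-exports that mount over SMB1 to the players only, so the NAS itself keeps SMB1 disabled. The host name, paths, account name, interface and addresses are placeholders, and the NTLMv1 setting is an assumption about what the players need.

```ini
# /etc/samba/smb.conf on the Pi relay (added example; all names and addresses are placeholders)
#
# Upstream side: the NAS share is mounted read-only over SMB3 before Samba starts,
# for instance with an /etc/fstab entry such as:
#   //nas.example.lan/music  /mnt/nas-music  cifs  ro,vers=3.0,credentials=/etc/samba/nas.cred,nosuid,nodev,noexec,_netdev  0  0
# /etc/samba/nas.cred holds a NAS account that has read-only rights on the music share.

[global]
   server role = standalone server

   # The players only speak SMB1, so the relay (and only the relay) accepts NT1.
   server min protocol = NT1

   # Assumption: the players authenticate with NTLMv1. Remove this line if
   # they connect without it; the Samba default is NTLMv2 only.
   ntlm auth = ntlmv1-permitted

   # Listen only on the LAN interface, never on anything routed elsewhere.
   interfaces = lo eth0
   bind interfaces only = yes

   # Answer only the players' addresses (use DHCP reservations so they stay fixed).
   hosts allow = 127.0.0.1 192.168.1.50 192.168.1.51
   hosts deny = ALL

   # No anonymous fallback for failed logins.
   map to guest = Never
   load printers = no

[music]
   # Re-export of the read-only SMB3 mount.
   path = /mnt/nas-music
   read only = yes
   guest ok = no
   # Dedicated account used for nothing else, created with: smbpasswd -a sonos
   valid users = sonos
```

With this layout the SMB1 listener exposes a read-only copy of one share to a fixed set of addresses, and a compromise of the relay account does not give write access to the library on the NAS.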
I sent a note to Sonos about this on Twitter last night. They responded quickly and directly, but didn't offer any solutions. Apparently we're supposed to enable SMBv1 on Raspberry Pis and put our home network security at risk? This isn't a solution; it's a hack, and a terrible one. Here's the thread I opened with them: https://twitter.com/SonosSupport/status/1079231302438711296
I don't use a Windows system as a 24x7 server to share content. That's what my low-power, Linux-powered Raspberry Pi devices are for.
When will Sonos get this multi-year issue fixed? This isn't optional. Your customers' security should be priority #1.
"Oh, no one has fallen victim to this attack vector, so we shouldn't worry about fixing it" ... is that your approach? I sure hope you aren't responsible for securing data anywhere important.
Well I'm certainly not as worried about it until it is documented as actually happening to someone, somewhere, at least once. I also don't put out Bigfoot traps or launch barrage balloons against alien space craft. YMMV.
My understanding is that in order for the SMB vulnerabilities to be exploited either the server needs to be exposed to the internet on port 445 or an attacker needs to have gained access to a local host. If either of those two conditions is met then you have far bigger problems to worry about than having someone delete your copy of the latest Lady Gaga album.
I'm pretty sure that Sonos realizes that everyone that really cares about security has dealt with the SMB v1 issue long ago and all that are left are folks that don't really care and just want to make noise.
I cared, I fixed the issue for me (Pi server) then I fixed the issue better (Pi SMBv1 relay) when a user asked if there was an easier solution than my original. Others that cared have solved it in other ways.
Date: 2Jan2019
Here is my successful experience (with some feature boundaries) to sharing my NAS based music library downwind of Sonos lack of support for SMB2+ and continued use of the vulnerable SMB1. When MS did the fall 2018 1709 W10 update, I lost NAS based music Library. We use NAS since we prefer use of .flac format, and think music rental via ugly-compressed streaming is not for us. 5+ Sonos units, 1.4 TB music library.
Obsolete vulnerable SMB1 desperately needs support for SMB2+. SONOS: get with the program! Yikes!
Sonos recommended solution was add Plex account to Sonos services, and enable Plex on NAS. This proved pretty unreliable for us. Speculate, maybe too many hops. Bizarre (read poor) Sonos "solution" to SMB1 problem.
Most notable thread on this (among others) IMHO: https://en.community.sonos.com/setting-up-sonos-228990/sonos-support-for-smb-2-0-protocol-6739642/index1.html?sort=dateline.desc
Wishing to stop using vulnerable SMB1 (personal decision), a few comments:
1) Kudos to Mike V (S in IOT stands for Security - LOL) who posted about this alternative approach.
2) Long time lifetime-license MediaMonkey Gold user (https://www.mediamonkey.com).
3) We do not use iTunes to manage Library on W10, and have no Macs.
4) Not an IT guy, just self-taught gizmo-intrigued n00b music fan.
5) This approach requires both some thought and MediaMonkey experience. It's not elegant.
MediaMonkey (MM) is used as music library manager including rip to NAS share as .flac, playlist builder tool, among many other MM features. Three NAS back-ups, one off-site. MM knows and manages music library.
NAS: QNAP TS-253B, QTS 4.3.5, SMB1 disabled. Reference:
https://www.qnap.com/en/how-to/faq/article/why-cant-i-find-my-nas-in-windows-file-explorer-after-installing-the-windows-10-fall-creators-update-version-1709/
On the following, YMMV depending on your configuration:
Install MM on W10 machine (in our case, an HTPC) which is on all the time (yep, that's necessary to be seamless to Sonos). Go ahead, buy a license for MM Gold version. IMHO, I like MediaMonkey because it lets me set options to manage music library my way. Unsure if all this works on free version.
You must add NAS-based music library to MM: File>Add/Rescan file to library. In my case, I pasted the music library path from W10 Explorer into the field at bottom of this window since picking path up from Network choices (above in this window) has been kinda wonky for me. The scan may take a few hours if you've a big library. You can watch scan process down at bottom of MM window. Not a big deal for me since we were already using MM.
In MM: Tools>Options>Library>Media Sharing (UPnP/DLNA), move over to right window pane.
In my case the MediaMonkey Library is listed. Check the box to left of listing. Then highlight and single click this listing of the Library. Click on the Options button. Check the Update counter box and the Share automatically with all new devices box.
In the pane below UPnP devices are listed. They are listed by Enabled status, MAC address, IP address, and name. In my case, several Linux Sonos devices are listed which seem to be those on which I have Sonos controller software/apps installed, e.g. ZP-120, Windows, iPad, iPhone. Make sure the enabled check box for each is checked. Then click OK button at bottom of this window, and window closes.
Then click OK at bottom of Options window.
In Sonos, (iOS iPad/iPhone) More>Settings>Advanced Settings>Show UPnP/DLNA Servers Enabled. I could not find this feature in W10 Sonos controller; posts suggest it used to be in File>Preferences but this now appears to be absent in W10 Sonos Controller v9.3, Build109822974 (did not try Android or Mac versions).
In Sonos, Browse>MediaMonkey Library (W10 MM machine name is listed)>Music and drill down to folder/sort you want. You can drill down via Location option to follow NAS music location path, having made MM aware of NAS library path (above.) Here is feature limitation: It looks to me like individual songs (filenames) must be added to Sonos Queue. No play Artist, Album, etc. in-one-shot capability. Once individual tunes are added, Sonos queue can be edited, played consistent with typical Sonos capability.
I'm thinking this approach avoids web hops and SMB1 vulnerability. I recognize this may serve as further incentive for Sonos to not fix NAS access which has been a long featured capability. Seems like such a premium product oughta get you to a NAS, streaming world (perhaps naively) aside.
Come On Sonos.
Let's get the outdated SMB v1 protocol updated to v2.
Surely the years of people moaning about it are enough to prompt some action.