
Support for SMB v2 or v3




110 replies

Userlevel 4
Badge +2
Whilst I appreciate some of the concerns here, as far as I am concerned the known SMB V1 vulnerabilities have patches available. All you need to do is apply the patches and leave SMB V1 available.

Vendor advice to disable it, if you don't need it, makes a lot of sense. Same applies for any other protocol or service. But you do need it, so get patched and carry on as before.
Userlevel 7
Badge +21
For my education, could you outline the specific risks I'm facing in allowing my Sonos equipment to continue to utilise SMB v1 while connecting to the NAS on my Apple Time Capsule? In what way are my speakers 'totally insecure'? Or does the insecurity apply only to Microsoft's products? Thanks.

Your speakers aren't insecure themselves. But if you connect your Sonos system to a music library stored on your computer or a Network Attached Storage (NAS) device, the connection to that music library is using a version of SMB that is full of vulnerabilities and attacks, and that Microsoft itself has recommended everyone stop using because of the vulnerabilities that exist in it. So Sonos is requiring that you run other devices in an insecure manner in order to use that functionality of Sonos.

But if you do all of your music listening through streaming sources and don't have your own local music library, then there's nothing for you to worry about, as far as Sonos is concerned.
Userlevel 7
Badge +20
I contacted support but they just DON'T CARE! They even said that just using it at home, and now it comes, IS NO RISK AT ALL!
That said, I'm not only angry, I will even tell everyone around me to stop buying Sonos!


For my education, could you outline the specific risks I'm facing in allowing my Sonos equipment to continue to utilise SMB v1 while connecting to the NAS on my Apple Time Capsule? In what way are my speakers 'totally insecure'? Or does the insecurity apply only to Microsoft's products? Thanks.
I contacted support but they just DON'T CARE! They even said that just using it at home, and now it comes, IS NO RISK AT ALL!
That said, I'm not only angry, I will even tell everyone around me to stop buying Sonos!
Userlevel 3
Badge
Same here - was going to buy some Play1's for surround sound under the recent offer but my main use-case is SMB access to a Windows 2012 server that (for obvious reasons) now has SMB v1 disabled. I've got just over 1.1 TB of FLAC files on there that the Sonos can no longer access. Every CD / Vinyl I buy goes straight onto there (the latter using an M-Audio FireWire device and Audacity software)
I was thinking of buying some more Sonos speakers, but when they are totally insecure and there is no change in sight, I even think about selling them again. Even if these are good speakers, not even supporting SMBv2 is unjustifiable!!! Especially when not only security advisors but even Microsoft explains this in detail!
Sigh.
Userlevel 1
My set of speakers has largely remained unused for the three years I've had them. Evidently VLANs are another decades-old technology that is too challenging for Sonos to figure out. I finally figured out how to overcome that hurdle, but now ridding my network of SMB1 has rendered them useless again. It may be too late already, but Sonos is really alienating a lot of current and potential customers. People like me who have discovered the wonders of sub $50 Chromecast Audio adapters.
Userlevel 3
Sonos,

1) Linux has supported SMBv2 for a number of years now, SMBv3 is also supported
2) As per the above statement, the ability to update the Sonos SMB support should not really be too difficult at all ... the libraries are out there. Update your Linux kernel if necessary and then the SAMBA version
3) The September / October Windows 10 Fall release that disables SMB v1 by default is just around the corner. I sure hope that the solution is NOT to turn it back on and make your customers less secure and reliant on 30+ year old technology
4) Your silence regarding this issue is unacceptable / communication with your customers instills trust ... that is definitely not what you're doing
5) Please respond with a real solution, not a workaround

Thanks,

Robert
Userlevel 7
Badge +22
Reading all of this SMBv1 security stuff got me thinking that just having it on an isolated LAN segment might not be enough and there could still be issues with my server. The solution for me is that I moved my Sonos music over to a Raspberry Pi computer with nothing of value on it to worry about. That let me disable the SMB on my server box.

I'm hoping whatever Sonos decides to do here gets done before Microsoft pulls the plug, that would be ugly.
Staying on SMBv1 puts SONOS at risk of universal customer backlash should Microsoft disable SMBv1 in a Patch Tuesday.

It won't be a Patch Tuesday, but Windows Fall/Autumn edition will disable it by default.

Of course you can look at the Windows Sonos Controller and come to the conclusion that really no-one cares about Windows clients any more ...
Userlevel 2
Badge +3
Another day (June 27th), another massive attack using the SMBv1 vulnerability. Microsoft reiterated the "Disable SMBv1" for all users, corporate AND home. I bet that an upcoming Patch Tuesday will turn off SMBv1 BY DEFAULT ... which would result in a FLOOD of support issues as every Sonos user with a music library finds that it has stopped working.

Acknowledged: some "legacy" NAS boxes use SMBv1.

Solution: Sonos moves to SMBv3.
Ideal solution: Sonos moves to SMBv3 AND offers a checkbox to revert back to SMBv1 under Advanced Settings.


Staying on SMBv1 puts Sonos users at risk as we cannot follow Microsoft's strong advice to disable SMBv1. Staying on SMBv1 puts SONOS at risk of universal customer backlash should Microsoft disable SMBv1 in a Patch Tuesday.
Userlevel 7
Badge +21
If the computer doesn't have SMBv1 enabled, then your Sonos devices - which are what actually do the indexing of your music library - won't be able to connect to your computer. That might explain why the controller comes back with "Not responding" when you try to add the folders (maybe the controller is waiting for a response from the Sonos device(s) that they're able to connect and are in the process of indexing the music), but the controller itself is only telling your Sonos devices to connect to your computer, it's not actually doing anything with your music.

BTW, a little motivation for Sonos to finally upgrade... Microsoft will be disabling SMBv1 in the Windows 10 update that will hit this fall, expected around October or November. It should be noted that this will be for NEW installations of Windows 10 (new computers, clean reinstallations, etc.)... upgrade/update installations will continue to have SMBv1 enabled if it had not been disabled by the user.

Maybe a little more motivation... Microsoft is maintaining a list of products that require SMBv1, so they can tell people NOT to buy those products. Yes, Sonos is on that list.
Badge
OK I understand that Sonos has sadly become one of those companies that will only make changes if it brings in revenue, and hence why they have not bothered to enhance their code to support SMB2.

However, will a computer hosting *local files* with SMBv1 disabled (as Windows disables SMBv1 by default as it is so exploitable) be totally unusable by Sonos devices? i.e. When I try to add local folders on that machine to my library and it continually fails with the "not responding" message.
... posted by someone with 13000+ posts. LOL. I guess it's OK to be obsessive as long as one only takes the side of the company, eh? 😃

I'll be happy to pull out my pom-poms and cheerleading uniform when Sonos delivers the goods, not sooner. 🆒


And there it is, the personal attack.

For your info, I've been posting for 9 years. That's less than 4 posts a day, the majority of which are helping people. But hey, attacking the messenger instead of the message is always an effective way to argue. :8
Userlevel 6
Badge +5
... posted by someone with 13000+ posts. LOL. I guess it's OK to be obsessive as long as one only takes the side of the company, eh? 😃

I'll be happy to pull out my pom-poms and cheerleading uniform when Sonos delivers the goods, not sooner. 🆒
Yeah, I figured you'd say that. Doesn't change the fact your narrative is nonsense when confronted with the fact they acknowledged the problem and stated they are looking into options. That response alone is more indicative of their intentions than 99% of every other response, which usually says "we will pass this on to the engineers."

And as an engineer, cheerleading may not help, but obsessed posters who exaggerate the threat and constantly harp on one thing are a definite negative, resulting in placating rather than taking action, and are the very reason the phrase "fire the customer" was invented.
Userlevel 6
Badge +5
Not particularly. Awareness != commitment to fix the issue. They can explore an issue all day and do nothing about it. Cheerleading will not make the issue go away.
You forgot to add:

1b) Sonos makes no true commitment on 99% of the requests here, and AndyB from Sonos specifically stated in another thread that this issue has not gone unheard and options are being explored at this time:

Hi th3bigguy - I don't have an update to provide at this time on when we'll be moving away from using SMBv1 for music library sharing. Our customers concerns around the vulnerability of SMBv1 have not gone unheard and we are exploring alternate options. When I do have a bit more to share, I'll come back and update this thread.


https://en.community.sonos.com/troubleshooting-228999/sonos-smb-implementation-error-900-when-adding-music-library-6765736/index1.html

Kinda throws a wrench in your little narrative, eh?
Userlevel 6
Badge +5
Let's recap: 1) there is a known security risk that the original developer alerted the industry to years ago. 2) Users have allegedly asked Sonos about upgrading the SMB stack for several years now 3) Sonos has made no commitment to fix a known security risk for which there are multiple known solutions. You might find this behavior acceptable in your relentless defense of the company, I'm simply puzzled by it.

To me, requiring customers to dumb down their server security carries enormous reputation risk if something does go wrong and many customers are affected by an exploit. I recognize that users are responsible for their own server settings and have to live with whatever security decisions they made but it would be great if Sonos made a commitment to be part of the solution rather than a potential enabler for the problems associated with SMB1 security.
Sonos makes zero commitment to 99% of the requests on this forum, then they will show up on a release, sometimes years later. Once again, you have no information on what Sonos is or is not working on, and therefore shouldn't be making definitive statements.
There was a time when feature requests could be reviewed/logged at ask.sonos.com. Any idea what happened to that
I believe it was discontinued because it gave Sonos information overload.
Userlevel 6
Badge +5
Sonos has made zero commitment in these forums regarding this feature request, one that is allegedly 3 years old.

I have no way of verifying whether it's been three years or not but Microsoft has been pretty vocal about dropping SMB1 and NTLM v1 in particular for several years now. Presumably, the folk at Sonos who do the network stack development are aware of said stance and the potential consequences of not offering SMB2 support.

Requiring customers to dumb down the security of their servers to use a product doesn't seem particularly helpful. No server I'm aware of allows customers to selectively enable/disable SMB1 on a per share basis, but I'm happy to be wrong. At least for FreeNAS, it seems to be an all or nothing thing. Forums for Synology, QNAP, etc. also document how to revert a server to SMB1 after server software upgrades disable SMB1 support by default.

I'm not advocating for Sonos to abandon SMB1 and only use SMB2+, as that might impact their users negatively. But giving users the option of using SMB2+ would be great. There was a time when feature requests could be reviewed/logged at ask.sonos.com. Any idea what happened to that since you seem to know so much about the company and its policies?
Constatin, you have no idea whether Sonos is "putting off" anything. Sonos is very tight lipped as to what is being worked on, and anyone who does know is bound by an NDA. For all you or I know, the very next Sonos release could contain support for other versions of SMB, so you definitively stating that Sonos is putting it off is pure speculation and negativity.
Userlevel 6
Badge +5
Here's the link to the previous topic regarding SMBv1. I fully agree that at this point it should be removed, but NAS devices still ship with it enabled, and most don't provide any way to turn it off either.

AFAIK, current versions of Windows server as well as FreeNAS ship with SMB1 and NTLM v1 authentication turned off by default. They have to be manually enabled.
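
An added example, not part of the thread or anyone's post: a small Python check for whether a NAS or file server you administer still accepts an SMB1-only negotiation, which is the state the posts above describe as "SMB1 enabled". The function names and verdict strings are hypothetical, and the script assumes a server with SMB1 disabled either drops the connection or answers with dialect index 0xFFFF.

```python
import socket
import struct

SMB1_MAGIC = b"\xffSMB"
SMB_COM_NEGOTIATE = 0x72
NO_DIALECT = 0xFFFF  # server parsed the request but accepts none of the dialects


def frame(msg):
    """Direct-TCP transport header: one zero byte plus a 24-bit big-endian length."""
    return struct.pack(">I", len(msg)) + msg


def build_smb1_negotiate(dialects=(b"NT LM 0.12",)):
    """SMB1 NEGOTIATE request that offers only SMB1 dialects (no SMB2 fallback)."""
    header = struct.pack("<4sBIBH12xHHHH", SMB1_MAGIC, SMB_COM_NEGOTIATE,
                         0, 0x18, 0xC801, 0xFFFF, 1, 0, 1)
    body = b"".join(b"\x02" + d + b"\x00" for d in dialects)
    return frame(header + b"\x00" + struct.pack("<H", len(body)) + body)


def classify_response(data):
    """Map the raw bytes read after the request to a verdict string."""
    if not data:
        return "smb1-refused"  # connection closed without any reply
    payload = data[4:]  # skip the 4-byte transport header
    if (payload[:4] != SMB1_MAGIC or len(payload) < 35
            or payload[4] != SMB_COM_NEGOTIATE):
        return "unknown"
    word_count, index = struct.unpack_from("<BH", payload, 32)
    if word_count == 0 or index == NO_DIALECT:
        return "smb1-refused"
    return "smb1-accepted"


def probe(host, port=445, timeout=3.0):
    """Send the request to a server you administer and classify its answer."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_smb1_negotiate())
        try:
            return classify_response(s.recv(4096))
        except ConnectionResetError:
            return "smb1-refused"


if __name__ == "__main__":
    # Constructed replies (not captured traffic): header, word count, dialect index.
    hdr = struct.pack("<4sB27x", SMB1_MAGIC, SMB_COM_NEGOTIATE)
    for idx in (0, NO_DIALECT):
        reply = frame(hdr + struct.pack("<BHH", 1, idx, 0))
        print(hex(idx), classify_response(reply))
```

Calling `probe()` with your own server's address before and after changing its minimum protocol setting shows whether the change took effect; a verdict of `smb1-accepted` means SMB1 clients can still connect.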