Answered

Support for SMB v2 or v3


Userlevel 3
With all the recent reports and issues with the WannaCry ransomware I wanted to restrict use of SMB v1 on my home network. My NAS blocks this to the outside world but I wanted to secure things internally as well. I can configure the NAS to not support SMB v1 but this then prevents the Sonos controller app from seeing the share. When will Sonos support later versions of SMB? I had seen another thread on this somewhere and it sounded like it wasn't going anywhere. Is it possible to get an update on this please.
icon

Best answer by Phil.Coleman 15 May 2017, 20:48

View original

This topic has been closed for further comments. You can use the search bar to find a similar topic, or create a new one by clicking Create Topic at the top of the page.

110 replies

Userlevel 7
Badge +21
If Sonos enables SMB v2/3 support what kind of rebate program do you think they should offer for folks that have their Sonos gear obsoleted by the update?



Close to 90% of the original Zone Players and Gen 1 Play 5s are still in service if I recall correctly, that is going to be a LOT of rebate checks or deeply discounted new devices. Gonna hurt the bottom line pretty bad.
My vote on SMBv3 support: +1
Userlevel 7
Badge +21
If you find yourself needing to care there are much better things to care about than Sonos and SMB v1.



I'm glad you aren't worried about older Sonos gear being made obsolete to cater to a few folks quibbles. I on the other hand feel that my investment in older Sonos gear (new when I got it) is better served by Sonos not bricking it.



Starting a new thread to tell Sonos how to spend their money seems like another great idea, that may upon reflection have some shortcomings.
Why would it prompt any action by Sonos?



Most folks don't care.

Most of the few folks that do care have dealt with the problem already.

The grief in supporting SMB 2/3 would not result in enough more sales to make it worth doing.

Adding SMB 2/3 would likely move the older Sonos speakers and players closer to obsolescence triggering another CR-100 mess.




I agree this would not create sales, but really people should care. This is part of a wider issue of Internet connected device security.



And having a moan makes me feel better after spending two hours trying to "fix" access to my music library following a Freenas update that removed support for the outdated protocol SMB1



Normally I would have moaned about this elsewhere (Freenas forums in this instance), but this is a SONOS issue. Mess or not they should be working out how to get rid of SMB1 to allow NAS users to use Sonos without a "workaround" which either lowers the security of my network or requires me to move my entire library onto an alternate storage location.



The overall point is exactly what you have touched upon - The older Sonos speakers are moving towards obsolescence.



How Sonos as a company and owners like myself deal with this is perhaps a discussion for a new thread?


Spamming is the use of messaging systems to send an unsolicited message (spam), especially advertising, as well as sending messages repeatedly on the same site



Airgetlam - just for your information.




And you are repeating the same post over and over on a site.
Ah, I see. You're just spamming the boards in order to make a point. I get it. I'm sure Sonos will look at each post as a separate request.



Spamming is the use of messaging systems to send an unsolicited message (spam), especially advertising, as well as sending messages repeatedly on the same site



Airgetlam - just for your information.
Userlevel 7
Badge +21
Why would it prompt any action by Sonos?



Most folks don't care.

Most of the few folks that do care have dealt with the problem already.

The grief in supporting SMB 2/3 would not result in enough more sales to make it worth doing.

Adding SMB 2/3 would likely move the older Sonos speakers and players closer to obsolescence triggering another CR-100 mess.
Ah, I see. You're just spamming the boards in order to make a point. I get it. I'm sure Sonos will look at each post as a separate request.
Come On Sonos.



Lets get the outdated SMB v1 protocol updated to v2.



Surely the years of people moaning about it are enough to prompt some action.
Userlevel 3
Badge +1
Date: 2Jan2019



Here is my successful experience (with some feature boundaries) to sharing my NAS based music library downwind of Sonos lack of support for SMB2+ and continued use of the vulnerable SMB1. When MS did the fall 2018 1709 W10 update, I lost NAS based music Library. We use NAS since we prefer use of .flac format, and think music rental via ugly-compressed streaming is not for us. 5+ Sonos units, 1.4 TB music library.



Obsolete vulnerable SMB1 desperately needs support for SMB2+. SONOS: get with the program! Yikes!



Sonos recommended solution was add Plex account to Sonos services, and enable Plex on NAS. This proved pretty unreliable for us. Speculate, maybe too many hops. Bizarre (read poor) Sonos "solution" to SMB1 problem.



Most notable thread on this (among others) IMHO: https://en.community.sonos.com/setting-up-sonos-228990/sonos-support-for-smb-2-0-protocol-6739642/index1.html?sort=dateline.desc



Wishing to stop using vulnerable SMB1 (personal decision), a few comments:

1) Kudos to Mike V (S in IOT stands for Security - LOL) who posted about this alternative approach.

2) Long time lifetime-license MediaMonkey Gold user (https://www.mediamonkey.com).

3) We do not use iTunes to manage Library on W10, and have no Macs.

4) Not an IT guy, just self-taught gizmo-intrigued n00b music fan.

5) This approach requires both some thought and MediaMonkey experience. It's not elegant.



MediaMonkey (MM) is used as music library manager including rip to NAS share as .flac, playlist builder tool, among many other MM features. Three NAS back-ups, one off-site. MM knows and manages music library.



NAS: QNAP TS-253B, QTS 4.3.5, SMB1 disabled. Reference:

https://www.qnap.com/en/how-to/faq/article/why-cant-i-find-my-nas-in-windows-file-explorer-after-installing-the-windows-10-fall-creators-update-version-1709/



On the following, YMMV depending on your configuration:



Install MM on W10 machine (in our case, an HTPC) which is on all the time (yep, that's necessary to be seamless to Sonos). Go ahead, buy a license for MM Gold version. IMHO, I like MediaMonkey because it lets me set options to manage music library my way. Unsure if all this works on free version.



You must add NAS-based music library to MM: File>Add/Rescan file to library. In my case, I pasted the music library path from W10 Explorer into the field at bottom of this window since picking path up from Network choices (above in this window) has been kinda wonky for me. The scan may take a few hours if you've a big library. You can watch scan process down at bottom of MM window. Not a big deal for me since we were already using MM.



In MM: Tools>Options>Library>Media Sharing (UPnP/DLNA), move over to right window pane.



In my case the MediaMonkey Library is listed. Check the box to left of listing. Then highlight and single click this listing of the Library. Click on the Options button. Check the Update counter box and the Share automatically with all new devices box.



In the pane below UPnP devices are listed. They are listed by Enabled status, MAC address, IP address, and name. In my case, several Linux Sonos devices are listed which seem to be those on which I have Sonos controller software/apps installed, e.g. ZP-120, Windows, iPad, iPhone. Make sure the enabled check box for each is checked. Then click OK button at bottom of this window, and window closes.

Then click OK at bottom of Options window.



In Sonos, (iOS iPad/iPhone) More>Settings>Advanced Settings>Show UPnP/DLNA Servers Enabled. I could not find this feature in W10 Sonos controller; posts suggest it used to be in File>Preferences but this now appears to be absent in W10 Sonos Controller v9.3, Build109822974 (did not try Android or Mac versions).



In Sonos, Browse>MediaMonkey Library (W10 MM machine name is listed)>Music and drill down to folder/sort you want. You can drill down via Location option to follow NAS music location path, having made MM aware of NAS library path (above.) Here is feature limitation: It looks to me like individual songs (filenames) must be added to Sonos Queue. No play Artist, Album, etc. in-one-shot capability. Once individual tunes are added, Sonos queue can be edited, played consistent with typical Sonos capability.



I'm thinking this approach avoids web hops and SMB1 vulnerability. I recognize this may serve as further incentive for Sonos to not fix NAS access which has been a long featured capability. Seems like such a premium product oughta get you to a NAS, streaming world (perhaps naively) aside.
Userlevel 7
Badge +21
I'm pretty sure that Sonos realizes that everyone that really cares about security has dealt with the SMB v1 issue long ago and all that are left are folks that don't really care and just want to make noise.



I cared, I fixed the issue for me (Pi server) then I fixed the issue better (Pi SMBv1 relay) when a user asked if there was an easier solution than my original. Others that cared have solved it in other ways.
Userlevel 2
Badge +1
My understanding is that in order for the SMB vulnerabilities to be exploited either the server needs to be exposed to the internet on port 445 or an attacker needs to have gained access to a local host. If either of those two conditions are met then you have far bigger problems to worry about than having someone delete your copy of the latest Lady Gaga album.
Could you point me to one Sonos system that fell victim to this "pretty bad" security risk? Just one.



"Oh, no one has fallen victim to this attack vector, so we shouldn't worry about fixing it" ... is that your approach? I sure hope you aren't responsible for securing data anywhere important.




Well I'm certainly not as worried about it until it is documented as actually happening to someone, somewhere, at least once. I also don't put out Bigfoot traps or launch barrage balloons against alien space craft. YMMV.
Userlevel 1
Badge
Could you point me to one Sonos system that fell victim to this "pretty bad" security risk? Just one.



"Oh, no one has fallen victim to this attack vector, so we shouldn't worry about fixing it" ... is that your approach? I sure hope you aren't responsible for securing data anywhere important.
Userlevel 1
Badge
I sent a note to Sonos about this on Twitter last night. They responded quickly and directly, but didn't offer any solutions. Apparently we're supposed to enable SMBv1 on Raspberry Pi's and put our home network security at risk? This isn't a solution; it's a hack, and a terrible one. Here's the thread I opened with them: https://twitter.com/SonosSupport/status/1079231302438711296



I don't use a Windows system as a 24x7 server to share content. That's what my low-power, Linux-powered Raspberry Pi devices are for.



When will Sonos get this multi-year issue fixed? This isn't optional. Your customer's security should be priority #1.
Userlevel 7
Badge +21
With the change to HTTP sharing I'm sure SMB 2/3 has fallen even further down the "to do" list at Sonos.



Make up your mind if it is a problem for you or not and then ignore it or mitigate it and quit hoping for a Sonos fix.



Oh, and to make things even easier it is simple to set up a Pi as an SMB v1 repeater for your non-SMB v1 NAS. Pi 0w or A are good enough if you are too broke to get a 3b+.
Could you point me to one Sonos system that fell victim to this "pretty bad" security risk? Just one.
Userlevel 3
Badge +1
Thought I would report my recent experience, via twitter @SonosSupport. I asked status of attaching NAS which now does not seem to work unless you use SMB1 (in my case QNAP TS-253B, QTS 4.3.5)



FYI: https://www.qnap.com/en/how-to/faq/article/why-cant-i-find-my-nas-in-windows-file-explorer-after-installing-the-windows-10-fall-creators-update-version-1709/



Sonos says:

As discussed, the SMB1 security risk should no longer affect us as we have moved over to HTTP sharing now. If your library is still using SMB1, you can remove it and add it to Sonos again but this technically should have automatically happened.



Then:

Apologies. The NAS is still on SMB1, you are correct. We will pass on your request to have this changed to our development team. In the meantime, as we mentioned earlier, you can sync the NAS with Plex and add Plex to your Sonos system.



I tired the PLEX option and found it to be very unreliable. Meh solution by Sonos. We have 1.4TB music library, 5+ Sonos units, use .flac, and really hate "rented" (read further monetized) ugly-compressed streaming. Sure feels like we're doomed, unable to protect music library and Sonos investment.



The extensive posting on this issue demonstrates many unhappy customers. It’s just a huge lapse, frailty. If it’s bad enough for Microsoft to exit SMB1, security risk must be (read IS) pretty bad, and we respectfully request a robust fix urgently.
Userlevel 7
Badge +21
I think you'll have time to plant a redwood tree, watch it grow, harvest and dry the lumber and build yourself a new deck for your Sonos to sit on before we hear even an announcement. :-)



Just get a Raspberry Pi and set it up to serve your music and be done with it. Maybe by the time th Pi goes out of support Sonos will have news.
Userlevel 1
Like so many others before me, I find myself on these forum threads after having just purchased my first Sonos product and finding out it doesn't support any modern file sharing mechanisms.



Hi everyone, starting with today's update, Sonos 8.6, Windows computers will be able to set up shares to their local libraries to Sonos without using SMB file sharing.



For those of us who can't or don't want to use the Sonos app on the media server, is there any hope of seeing support for a standard like WebDAV, rather than the proprietary Sonos HTTP protocol? I don't even need TLS (in case certificate management is considered a showstopper), since my media is streamed over its own, isolated wired network.



If WebDAV is not on the horizon, as there have been no updates here for the past few months, may I again ask if SMBv2 or SMBv3 are going to be available any time soon?
For those of us not using Windows to share our libraries, can we expect an update to HTTPS or SMB 2/3 or are we locked in at smb1?

We're still looking into options for NAS drives but don't have any specific details I can share. The HTTP share is created by the Sonos app, which NAS drives don't and can't run. I'll make sure to let you all know if there's any news regarding NAS sharing away from SMB1 that I can let you in on in the future.




Any news? In times of WannaCry Sonos should be much faster...
The 8.6 "solution" is no solution at all. NAS users tend to be the audiophiles who were drawn to Sonos for its audio quality and have ginormous libraries on NAS. And Sonos has ignored us for years. In fact, it seems they are preparing to abandon their most committed customers to compete with Echo, Home and HomePod.



But now that they are public, they will probably be more likely to respond to a social media campaign. As posters here know, they've consistency ignored the feedback from these forums. Join me on Twitter and let's see if they respond any differently: https://twitter.com/yobyot/status/1025790462072967169
Userlevel 7
Badge +21
As long as Sonos does not officially state the name of the actual Linux distro and, more importantly, the kernel version which is running on all of their zone players, we'll never know the particular reason for dodging a much required SMBv2/3 implementation.



Sonos Linux source code is available, this post and the next few talk about that:



https://en.community.sonos.com/controllers-software-228995/support-for-smb-v2-or-v3-6787081/index3.html#post16228313
Userlevel 7
Badge +21
[quote=passopp]

Could be insufficient physical memory (at least on older components), a very much outdated kernel version or even a bit of both.


Considering IPv6 was recently discovered to be present on some newer speakers (namely, those that have been identified as having Airplay support coming soon, though someone found it on a newer Play:1 too), a lack of device resources on older devices is a good possibility for why SMBv1 hasn't been updated to a newer version. Of course, there's also the possibility that they're using multiple kernel versions, with newer devices on a newer version.



And while I know Macs aren't attacked as often as PCs are, this HTTP sharing process has been present with the MacOS Sonos controller for a while now... I scratched the surface of it over 8 months ago, but I think it had already been in use for a few months before then.




Besides all the fuzz: what is so difficult in implementing an SMBv2 or v3 client in Sonos speakers? I guess we all would accept any reasonable answer much more than just no communication and weird hacks/incomplete workarounds.



Jonas




As long as Sonos does not officially state the name of the actual Linux distro and, more importantly, the kernel version which is running on all of their zone players, we'll never know the particular reason for dodging a much required SMBv2/3 implementation.



Could be insufficient physical memory (at least on older components), a very much outdated kernel version or even a bit of both.