My Sonos Connect can no longer play any music following an update to the SMB package on my Synology drive.
I’ve followed the guides about setting up the appropriate SMB1 access allowing NTLM access, but when I try and connect, I just get “access denied” even though my S2 products are pointed at the same share.
The NAS logs show the S1 product connecting but the Sonos app is throwing the error.
Has anyone else experienced this and does anyone have a solution?
Best answer by dlipetz
View originalI’m not sure whether this is an option on Synology drives, but instead of downgrading one could add “unix extensions = no” to the smb.conf file. Samba 4.15 includes a security change that makes this addition needed for some devices (old Linux Kernels).
Just to add to this thread. My Synology is running v7.2 and it would not allow me to install the downgraded v4.10 it insisted that v4.15 was the minimum allowed, But the quoted solution appears to have worked with the edit in the config file.
Thanks to all in the community who are so active providing answers to those of us who only come when there is a problem.
+1 that this works and, i believe, a preferred solution over uninstalling and downgrading the smb.
although it has been confirmed that this work by plm and vijay, there’s a lot more talk about the downgrading, so i’ll add another confirmation in hopes that it raises the awareness of this (imho preferred) solution.
in my search for a solution here, i did happen upon plex. i’ve now configured the plex service for playing my music from synology. (essentially bounces through plex when needed, but establishes a local connection when possible). if you haven’t tried it, you might consider doing so. i hesitatingly did it. however plex has some capabilities that sonos’s music management is woefully poor at. it’s not perfect, but at this point now that i have both working, i’m trying to evaluate which i prefer, and there’s a lot leaning towards plex.
I’m not sure whether this is an option on Synology drives, but instead of downgrading one could add “unix extensions = no” to the smb.conf file. Samba 4.15 includes a security change that makes this addition needed for some devices (old Linux Kernels).
Just to add to this thread. My Synology is running v7.2 and it would not allow me to install the downgraded v4.10 it insisted that v4.15 was the minimum allowed, But the quoted solution appears to have worked with the edit in the config file.
Thanks to all in the community who are so active providing answers to those of us who only come when there is a problem.
I found this thread this morning after updating my DS918+ yesterday and not being able to use my Sonos (all S1) Connects. Fortunately I found a solution on Reddit, but I thought I’d paste here for others who have this issue.
The solution is simply to downgrade the Synology SMB package from 4.15.x (Apr-2023) to 4.10.x. I used the final version of 4.10 (4.10.18-0548 dated 22-Dec-2022). You can download individual packages from Synology’s archive here: https://archive.synology.com/download/Package/SMBService
sudo -i
synopkg stop SMBService
synopkg uninstall SMBServiceThis takes only a few minutes and, for me, it restored my Sonos capability. YMMV. Obviously make sure you have appropriate backups in place.
Moderator edit: added space to “sudo -i”
Do you happen to know if this also works on the latest DSM 7.2 releases? I’m still on 7.1 and did the downgrade of the SMB package but I would like to have the newer features of 7.2 without losing my Sonos music access.
spent almost 1hr on phone top sonos, in the end just said synology firmeware issue with above 7.0 version, call them to help you roll back from version 7.2 which i am on..
As Outburst has mentioned, all cybersecurity is about risk assessment. Downgrading is an all-or-nothing exercise. You fix the issue leading to the downgrade decision, but you also lose any other benefits of the release. When new upgrades are released will you have to keep downgrading? I don’t know how Synology decide to apply an upgrade to answer this question. What other vulnerabilities addressed by an upgrade are you also sacrificing? You would have to read the release notes to determine that, if such detailed release notes are available.
A configuration change is much easier to apply or undo, plus you get all the benefits of any other improvements included in the upgrade. You can (should) assess the impact of the configuration option to ensure that you are ok with the consequences of the change. The day Sonos fix the problem in Sonos 1, or you upgrade all your Sonos devices, it is simple to undo the configuration change.
I think that’s a question you can’t really fully answer, but personally I think it’s safer to have a newer Samba version and change the smb.conf file because the newer Samba version will have other security and bug fixes that you would otherwise not have.
And yes, it’s a global setting, but it should not affect Windows shares assuming you use SMB2/3 for those machines. This is a setting only valid for SMB1 as far as I remember.
Outburst’s solution to add “unix extensions=no” to /etc/samba/smb.conf on the Synology NAS worked like a charm for me. Remember to “sudo synopkg restart SMBService” to put the change into effect.
Hi Vijay or Outburst,
has this workaround got any security protection advantage over running the downgraded SMBService, ie. are we more protected than when we were running SMB1?
It looks like that config change has global effect. ie affects all Windows connections to the NAS, not just connection our Music Share.
What app are you using? I’ve been looking for an app that would play my latest additions to the music collection for years! Smart lists that play tracks I’ve never listened to and random lists that exclude certain tracks I don’t like but I don’t delete to keep the album complete.
Hi Ivo_4,
I wrote the app.
I sent you a PM, so we can discuss elsewhere.
Outburst’s solution to add “unix extensions=no” to /etc/samba/smb.conf on the Synology NAS worked like a charm for me. Remember to “sudo synopkg restart SMBService” to put the change into effect.
Collecting becomes pointless without smart playlists and browsing indices, that enable shrinking the collection to a smaller scale when the mood requires, eg.
* just albums that I have not heard for a year and a half
* or jazz albums that I brought in the last 2 years, which I have played less than 5 times
My app:
* detects and identifies everything I play on Sonos, and separates it from tracks played by other household members
* it aggregates these plays, with tracks that it has identified that I have played, away from home, on non-Sonos equipment
* all play data is fed into a MediaMonkey database, from which I can browse, and|or publish album level playlists for use in Sonos and elsewhere, or to sync albums into my mobile devices.
What app are you using? I’ve been looking for an app that would play my latest additions to the music collection for years! Smart lists that play tracks I’ve never listened to and random lists that exclude certain tracks I don’t like but I don’t delete to keep the album complete.
Or did you write your own personal app?
I find the logic unusual. Sonos operated under one operating system from 2005 until S2 was released in August of 2020. Why would they need to bring out this supposed S3 so soon?
You think that the S2 controller is new? I have limited experience with it, but I don’t think so.
I think that it is just the old controller, which has been allowed to expend its footprint so that they could apply some overdue patches to accommodate the 21st century, like half decent security and Hi Res tracks.
I think that the only thing “new” about it is its name.
You know more than that?
I believe this because the switch to S2 had negligible impact upon community projects which click into Sonos s/w internals. The only significant change that I remember is that there was a change to the way the external music service authentication was handled.
Also I seem to remember reading an interview with Patrick Spence that hinted towards a new controller.
I’d be interested (though maybe not in this topic) in your solution for using a large (more than 65k?) music collection on Sonos?
Hi 106rallye, no, that is not my issue. I have not reached that limit. I have just cracked 50k tracks
My issue is that it is hard to relate to a large collection without some computer assistance.
If I look at my collection, I will always find an album to play while I am still looking just in the A's.
Collecting becomes pointless without smart playlists and browsing indices, that enable shrinking the collection to a smaller scale when the mood requires, eg.
* just albums that I have not heard for a year and a half
* or jazz albums that I brought in the last 2 years, which I have played less than 5 times
* etc
Yeah, and I know that collecting albums is pointless anyway 😉, but it is hard to break the habit and hobby of a lifetime.
My app:
* detects and identifies everything I play on Sonos, and separates it from tracks played by other household members
* it aggregates these plays, with tracks that it has identified that I have played, away from home, on non-Sonos equipment
* all play data is fed into a MediaMonkey database, from which I can browse, and|or publish album level playlists for use in Sonos and elsewhere, or to sync albums into my mobile devices.
So sorry.
You could load your collection overflow up to a streaming service, and stream it from there.
eg. Youtube allows you to upload up to 100,000 tracks. You can play your own tracks via their web clients (ad free and also offline), or using Sonos.
I loaded all my tracks up to Google back in the Google Play Music days. At that time it was free to store, and stream from 60k of your own tracks. They auto-transcoded to 320bps mp3 copies. I see that the limit has expanded, and they allow flac files now. All of my tracks got migrated to YouTube, so I think it is still free although I do have a F1 account, so I am not sure.
I find the logic unusual. Sonos operated under one operating system from 2005 until S2 was released in August of 2020. Why would they need to bring out this supposed S3 so soon?
Hi all,
I understand that Synology does’t want to use an old protocol or service that can be exploited, but I also don’t want to spend too much money on upgrading my Sonos system to S2. What will be next year, S3? So I will dig up an old rpi that I can use as a SMB bridge between v1 and 3 and leave that somewhere running in my network. My NAS isn’t exposed to the internet and I keep all incoming port closed on my firewall, so the risk is minimal. Switching to a rpi based NAS and a SSD HD like the Samsung T7 is also to be considered.
I tried out the work around for the 65K max issue using a small program to make m3u4u index files from a separate music volume with less played music. It seems to work, only downside is that you need a good folder structure as there is no search or artist/song etc. listing possible. That’s not a big issue for me as my music catalog has a good file structure.
+17
I’d be interested (though maybe not in this topic) in your solution for using a large (more than 65k?) music collection on Sonos?
Hi Stan,
thanks for your workaround recipe. That’s what I was looking for.
I don’t currently have my NAS at risk, because I use the workaround that I posted earlier in this thread, ie. I queue to my older Sonos units by grouping them behind newer model Sonos zones. It works, but it is limiting.
As it happens I do have a Raspberry Pi with Samba etc, that I use to monitor and obtain my Sonos system activities. I am not too Linux literate, but I should be able to work through your posts and get your work around going. If I have difficulty, I will get back you via the comments section over at the platform where you published your blog. Thanks!
I did suspect that something could be done using the Rpi, but I didn’t grasp the mechanics of it.
I would migrate to S2, but enjoyment of my Sonos system is dependant upon my s/w which subscribes to events published by the UPnP backbone in the Sonos controller. The company don’t support community activities at that level, and they don’t allow for the backing out of any Sonos “update” that disturbs things. So I decided to cut myself adrift until such time that they publish something relevant to my use case. I am still in the world of a large personal music collection, and they left that behind a long time ago, so I am not holding my breath while waiting.
+22
I wouldn’t put my primary NAS at risk by allowing SMB v1 but there are many other fairly simple solutions to providing SMB v1 connections to your music so you can safely use the antique S1 only Sonos units.
An inexpensive SMB v1 NAS, like a Raspberry Pi or the many clones works for many. A bit more interesting is an SMB v1 gateway to your primary NAS music collection.
Sorry you haven’t seen my many posts on the work-around options: (both a bit dated but should work)
SMB v1 Gateway https://stan-miller.livejournal.com/357.html
SMB v1 NAS for Sonos https://stan-miller.livejournal.com/650.html
There are also many posts here discussing the memory limits with explanations that are simple to follow or with technical data that most aren’t interested in. You can of course do your own research both on the internal Sonos memory and the requirements for the current Linux code and Samba server code.
Hi Ivo,
this is just my opinion, but I don’t believe that Sonos have any intention of fixing this issue.
They have long claimed that the early Sonos units have insufficient memory to allow upgrade to the more secure version of the s/w component that is causing the connection problem.
I don’t know if this is factual, but anyway they have long since stopped upgrading their S1 controller. My guess is that the latest “upgrade” is just another downgrade, ie. it removes the capability to play local tracks, on an android device, to your Sonos units.
The connection “problem” has been with us for a long time. Previously the Sonos Apologists in this forum have said that it is not a real-world problem, and that it can be readily worked around. In the past I have asked for the recipe for that workaround, but I have not seen any response to that.
What has happened now is that Synology, unlike the Sonos S1 controller, have continued evolving their package. They have zero interest is leaving their units open to exploitation, and they have follow best practice to protect their reputation and their customers’ data.
I don’t to know enough to understand exactly how serious this problem is. You can research it yourself by searching “smb1 vulnerability”.
eg “Do NOT use SMBv1. SMB1 lacks encryption, is inefficient, and has been exploited in the wild by ransomware attacks.” from here
The Sonos S1 controller uses SMB1
Is the SMB downgrade still working with 7.2 or did the latest Sonos app update solve the issue?
Thanks for the downgrade hack, it worked. I did have to reboot in between stop and uninstall, could not uninstall without it. Let’s hope this will work with the latest OS update 7.2.
I have the same problem after upgrading the SMB package on my Synology NAS.
I will look at the fix described by DuncanF later (thanks!) , but in the meantime I got the unit playing by the following:
That gets the music happening again.
YES! You brilliant man, DuncanF!! THANK YOU!!!
I raised a support ticket with Synology and after several emails with support here is their response to this issue:
After investigating the issue, we have found that the problem is caused by the default server response of Samba v.4.15 to a specific client command (SET_FS_INFO) sent by the Sonos S1 device. Synology has followed the specification from Samba and has not implemented a proprietary solution, meaning that any SMB server that uses open-source Samba version 4.15 may encounter this same issue.
By adding unix extensions=no as a default option in the Samba configuration file would make the NAS less secure and therefore is not a viable solution. We fully understand that updating to SONOS S2 is not financially viable for many users, and we apologise for any inconvenience caused. However, we would like to assure you that we take security very seriously, and therefore cannot sacrifice security for backward compatibility.
So it appears the only solution is either staying or downgrading to a previous version of SMB on Synology or modifying the SMBService config file as described previously.
YES!!! Everything works! THANK YOU!!!
Perfect solution, thanks a lot!
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
