SMB1 still required in 2021 for music shares?

  • 6 February 2021
  • 35 replies
  • 3796 views

Userlevel 2

As reported in many other topics apparently it's still necessary to use SMB1 for playing music from a Synology Diskstation system? It's now 2021 and I just had to change the settings on my diskstation to allow the unsecure SMB1 in order to be able to add a shared folder to my Sonos music library.

Sonos seems to be closing all topics on this forum about this subject for further comments, but is not addressing the problem?


35 replies

Userlevel 7
Badge +22

I am not aware of Sonos closing any thread on this dead-horse-beating topic. The largest thread I think is this one:

Sonos has shown no signs of addressing this problem, correct. Because, I assume, too few customers use NAS devices to make it worth their while, and there are other work-arounds available.

Userlevel 7
Badge +21

I think the forum software locks older inactive topics, check the last post and last post date.

SMBv1 security isn’t really an issue, If you really care about it you’d use either a dedicated SMBv1 NAS or a NAS to SMBv1 gateway  and remove the security issue.

Userlevel 1
Badge +1

I’ve been getting frustrated with Sonos for two reasons, #1, Sonos’s lack of security and #2 the S2 app. Not sure what is going on with Sonos but 3 years ago this company, the app etc was awesome and now it seems like its heading south.  

Userlevel 7
Badge +22

I’ve been getting frustrated with Sonos for two reasons, #1, Sonos’s lack of security and #2 the S2 app. Not sure what is going on with Sonos but 3 years ago this company, the app etc was awesome and now it seems like its heading south.  


Yeah totally going south: https://investors.sonos.com/news-and-events/investor-news/latest-news/2020/Sonos-Reports-Record-Fourth-Quarter-and-Fiscal-2020-Results/

Userlevel 1
Badge +1

So whats your point?  Facebook makes millions of dollars also but doesn’t change the fact that it sucks. 

SMBv1 security isn’t really an issue, If you really care about it you’d use either a dedicated SMBv1 NAS or a NAS to SMBv1 gateway  and remove the security issue.

So if it isn’t an issue, why would you have to go to additional trouble and expense to protect your system?

I don’t see why you keep apologising for Sonos… We all understand how it’s come about but failing to fix it in S2 software, where all compatible devices have plenty of storage, is very poor indeed…

I chose to use a sacrificial NAS and take the hit on cost. I don’t see why a normal user should have to run  an extra server and learn linux just to have a secure system.

Alternatively, I can run a music server on my Synology NAS and cast to a CCA or even the Sonos devices themselves without using SMBv1. Just shows how out of date Sonos is, IMHO.

If I’m honest, I’d expect a £500 S2 speaker sold today to have every connection method under the sun and to meet modern security standards.

It’s disappointing that Sonos ignores this issue, but not unexpected. Over the years I have purchased 17 Sonos products, used almost exclusively to play music from Synology NASs. I too, have had to sacrifice one NAS purely to cater for the lack of security in Sonos’ system. 

Allied to the trade-in “offer” a year or so ago which basically asked for more cash to upgrade my system so it would continue to function in this unsecure way, I came to the decision that my significant investment in Sonos kit is at an end. I’ve ringfenced it (which was not in the plan when I bought it) and will use it until the whole thing is bricked and look elsewhere for my music requirements. I’ll have no truck with a company that doesn’t have its customers’ security at the forefront of its development efforts.

Curious as to how you know Sonos is ignoring the issue. Do you have inside knowledge of engineering tasks assigned, or are you basing that statement merely on the fact that they haven’t exposed, as usual, what they’re working on? I don’t know either way, but would love confirmation if you do indeed have some insider knowledge. 

I am not aware of Sonos closing any thread on this dead-horse-beating topic. The largest thread I think is this one:

Sonos has shown no signs of addressing this problem, correct. Because, I assume, too few customers use NAS devices to make it worth their while, and there are other work-arounds available.

in my humble opinion this assumption has not been confirmed by SONOS - let us just hope Synology will not drop SMBv1 support some day

 
 
Userlevel 2
Badge +1

I am not aware of Sonos closing any thread on this dead-horse-beating topic. The largest thread I think is this one:

Sonos has shown no signs of addressing this problem, correct. Because, I assume, too few customers use NAS devices to make it worth their while, and there are other work-arounds available.

in my humble opinion this assumption has not been confirmed by SONOS - let us just hope Synology will not drop SMBv1 support some day

 
 

At present, the next major release of DSM, DSM 7, has dropped support for SMB1. There is currently a workaround, but I wouldn’t count on it for release, or for long term support. See - https://community.synology.com/enu/forum/20/post/139200

Userlevel 7
Badge +21

There are other work-around options, a NAS to SMB v1 gateway on a Raspberry Pi Zero W is my favorite solution.

Far better in my opinion than enabling SMB v1 on your NAS.

I am not aware of Sonos closing any thread on this dead-horse-beating topic. The largest thread I think is this one:

Sonos has shown no signs of addressing this problem, correct. Because, I assume, too few customers use NAS devices to make it worth their while, and there are other work-arounds available.

in my humble opinion this assumption has not been confirmed by SONOS - let us just hope Synology will not drop SMBv1 support some day

 
 

At present, the next major release of DSM, DSM 7, has dropped support for SMB1. There is currently a workaround, but I wouldn’t count on it for release, or for long term support. See - https://community.synology.com/enu/forum/20/post/139200

Thanks for the heads up Dave. I rest my case. Besides the poor NAS support, SONOS has also failed to provide adequate Apple Music playlist support for macOS users. Moreover, the SONOS playlists lack comprehensive resume functionality. 

 

I just upgraded to DSM 7and had to search the internet after my music share stopped working. Why has Sonos not fixed this yet ?

I just upgraded to DSM 7and had to search the internet after my music share stopped working. Why has Sonos not fixed this yet ?


Same here, it is not acceptable. I am looking for an alternative product to Sonos.

I just upgraded to DSM 7and had to search the internet after my music share stopped working. Why has Sonos not fixed this yet ?


Same here, it is not acceptable. I am looking for an alternative product to Sonos.

Perhaps see this LINK

I just upgraded to DSM 7and had to search the internet after my music share stopped working. Why has Sonos not fixed this yet ?


Same here, it is not acceptable. I am looking for an alternative product to Sonos.

Perhaps see this LINK


Thank you Ken. Unfortunately I own a Play:5 S1, I have to surrender to the idea of not using it for my local playlist anymore, or opting for a CIFS gateway with a Raspberry. Or again, make an investment in a new product.

I just upgraded to DSM 7and had to search the internet after my music share stopped working. Why has Sonos not fixed this yet ?


Same here, it is not acceptable. I am looking for an alternative product to Sonos.

Perhaps see this LINK


Thank you Ken. Unfortunately I own a Play:5 S1, I have to surrender to the idea of not using it for my local playlist anymore, or opting for a CIFS gateway with a Raspberry. Or again, make an investment in a new product.

Why not just buy something sacrificial, instead of using your Synology? Much cheaper than changing your Sonos kit for something else - and much easier to set up than the raspberry option.

I use a cheap NAS - it’s been running virtually non-stop for 10 years, now. When it fails I’ll just slot another cheap one in running SMB1.

Userlevel 7
Badge +21

I originally went the “cheap NAS” route, soon discovered WD had abandoned it and wasn’t providing security updates. I felt it wasn’t safe to leave on line at that point.

If you look at the Pi SMB v1 setup instructions it is dead simple and only takes a few minutes. The Pi is designed to keep getting security and other updates for the foreseeable future.

SMB v1 Gateway

No big deal which way you go aside from enabling SMB v1 on a NAS holding important data. That is a non-starter in my opinion.

I originally went the “cheap NAS” route, soon discovered WD had abandoned it and wasn’t providing security updates. I felt it wasn’t safe to leave on line at that point.

I can’t say that I’m overly bothered - it’s not exposed to the outside world, so they need to get into my network first.

No big deal which way you go aside from enabling SMB v1 on a NAS holding important data. That is a non-starter in my opinion.

Absolutely - all my non-Sonos data is on a much more secure Synology.

 

 

Userlevel 7
Badge +21

If you can put a firewall rule set in place to keep your SMB v1 NAS off the Internet completely that is a reasonable choice.

The problem with a lot of these devices is that they want access to remote servers/services and are aggravating in various ways if they don’t get it. Some stuff you can spoof to a local server like NTP but other stuff is more difficult or impossible to spoof.

Userlevel 2

The best solution is to use Plex, instead of a fileshare.

this have the bonus of providing access from a phone or desktop pc to the music library everywhere.

Airgetlam, I know that Sonos is ignoring the SMBv1 security issue because SMBv2 was released by Microsoft in 2006.  It’s been 15 years.  If they were going to provide SMBv2 support, they would have done so by now.

There are several misconceptions that I see throughout these threads regarding SMB v1, v2, and v3 with regards to Sonos (and Denon, too).  The first misconception is that Sonos has to change the protocol on all their old devices.  What kind of development roadmap and product-line architecture prevents you from introducing improvements into new products because your old products can’t support them.  Sonos (and Denon) could let new products support SMBv2, while older units continue to support only SMBv1.  The new units could even support both v2 and v1.  This would allow owners of old Sonos products to work with a NAS that supports SMBv1, and new Sonos products to work with a NAS that supports SMBv2.  Sucks for owners of older Sonos products, though.

The second misconception is that a NAS can support only one version of SMB.  That is certainly not true for Synology DSM.  DSM 7 allows you to configure the minimum supported version of SMB as low as v1, with a default of v2. The maximum version is v3.

The third misconception is that SMBv2 is more complex than SMBv1.  Actually, in some ways it is less so.  SMBv1 has over 100 commands and subcommands.  SMBv2 has just 19.  SMBv2 also eliminates many of the underlying protocols that SMBv1 supports:  NetBIOS over IPX, NetBIOS over UDP and NetBEUI.

The fourth misconception is that a separate NAS just for streaming to Sonos is secure because it limits the vulnerability just to this single-purpose NAS.  Unfortunately, having any SMBv1 devices on your LAN compromises the entire LAN.

I’ve been thinking about an SMB gateway running on a Raspberry Pi that accesses an SMB v2 or v3 share (from a NAS), and re-shares it as SMBv1 (for shameful speaker-manufacturers’ products).  With a firewall on this host configured to allow access only to the NAS and the Sonos devices it might provide reasonable security, but I haven’t finished my evaluation.  It would be very important, though, to ensure that no other devices on the LAN have access to this gateway.

I think that Sonos’s (and Denon’s) failure to provide SMBv2 support in new products is very disrespectful to their customers.  As with many companies that don’t really understand security (or even the need for security), they think it’s OK to ignore their customers’ security needs as long as sales are good.  For shame.

@rbandes,

Have you not seen this, posted by another user here with regards to a reply from Sonos CEO on this topic?

https://en.community.sonos.com/advanced-setups-229000/smb1-security-issue-lack-of-response-from-sonos-6860761?postid=16551779#post16551779

 

Airgetlam, I know that Sonos is ignoring the SMBv1 security issue because SMBv2 was released by Microsoft in 2006.  It’s been 15 years.  If they were going to provide SMBv2 support, they would have done so by now.

There are several misconceptions that I see throughout these threads regarding SMB v1, v2, and v3 with regards to Sonos (and Denon, too).  The first misconception is that Sonos has to change the protocol on all their old devices.  What kind of development roadmap and product-line architecture prevents you from introducing improvements into new products because your old products can’t support them.  Sonos (and Denon) could let new products support SMBv2, while older units continue to support only SMBv1.  The new units could even support both v2 and v1.  This would allow owners of old Sonos products to work with a NAS that supports SMBv1, and new Sonos products to work with a NAS that supports SMBv2.  Sucks for owners of older Sonos products, though.

The second misconception is that a NAS can support only one version of SMB.  That is certainly not true for Synology DSM.  DSM 7 allows you to configure the minimum supported version of SMB as low as v1, with a default of v2. The maximum version is v3.

The third misconception is that SMBv2 is more complex than SMBv1.  Actually, in some ways it is less so.  SMBv1 has over 100 commands and subcommands.  SMBv2 has just 19.  SMBv2 also eliminates many of the underlying protocols that SMBv1 supports:  NetBIOS over IPX, NetBIOS over UDP and NetBEUI.

The fourth misconception is that a separate NAS just for streaming to Sonos is secure because it limits the vulnerability just to this single-purpose NAS.  Unfortunately, having any SMBv1 devices on your LAN compromises the entire LAN.

I’ve been thinking about an SMB gateway running on a Raspberry Pi that accesses an SMB v2 or v3 share (from a NAS), and re-shares it as SMBv1 (for shameful speaker-manufacturers’ products).  With a firewall on this host configured to allow access only to the NAS and the Sonos devices it might provide reasonable security, but I haven’t finished my evaluation.  It would be very important, though, to ensure that no other devices on the LAN have access to this gateway.

I think that Sonos’s (and Denon’s) failure to provide SMBv2 support in new products is very disrespectful to their customers.  As with many companies that don’t really understand security (or even the need for security), they think it’s OK to ignore their customers’ security needs as long as sales are good.  For shame.

 

I don't know where you are getting these "misconceptions" from, but it's not here.  Nobody ever stated them.  Matter of fact, the fact that S2 will allow Sonos to upgrade to a higher version of SMB was expressly stated as one of the benefits of the S2 split.

Userlevel 7
Badge +17

In the Sonos system all speakers need to be on the same software. That’s probably why you can’t have some speakers on SMBv1 and others on v2.

Reply