SMB1 still required in 2021 for music shares?

  • 6 February 2021

As reported in many other topics apparently it's still necessary to use SMB1 for playing music from a Synology Diskstation system? It's now 2021 and I just had to change the settings on my diskstation to allow the unsecure SMB1 in order to be able to add a shared folder to my Sonos music library.

Sonos seems to be closing all topics on this forum about this subject for further comments, but is not addressing the problem?


SMBv1 security isn’t really an issue. If you really care about it you’d use either a dedicated SMBv1 NAS or a NAS to SMBv1 gateway and remove the security issue.

So if it isn’t an issue, why would you have to go to additional trouble and expense to protect your system?

I don’t see why you keep apologising for Sonos… We all understand how it’s come about but failing to fix it in S2 software, where all compatible devices have plenty of storage, is very poor indeed…

I chose to use a sacrificial NAS and take the hit on cost. I don’t see why a normal user should have to run an extra server and learn Linux just to have a secure system.

Alternatively, I can run a music server on my Synology NAS and cast to a CCA or even the Sonos devices themselves without using SMBv1. Just shows how out of date Sonos is, IMHO.

If I’m honest, I’d expect a £500 S2 speaker sold today to have every connection method under the sun and to meet modern security standards.

I just upgraded to DSM 7 and had to search the internet after my music share stopped working. Why has Sonos not fixed this yet?


Same here, it is not acceptable. I am looking for an alternative product to Sonos.

Perhaps see this LINK


Thank you Ken. Unfortunately I own a Play:5 S1, I have to surrender to the idea of not using it for my local playlist anymore, or opting for a CIFS gateway with a Raspberry. Or again, make an investment in a new product.

Why not just buy something sacrificial, instead of using your Synology? Much cheaper than changing your Sonos kit for something else - and much easier to set up than the raspberry option.

I use a cheap NAS - it’s been running virtually non-stop for 10 years, now. When it fails I’ll just slot another cheap one in running SMB1.

It’s disappointing that Sonos ignores this issue, but not unexpected. Over the years I have purchased 17 Sonos products, used almost exclusively to play music from Synology NASs. I too, have had to sacrifice one NAS purely to cater for the lack of security in Sonos’ system. 

Allied to the trade-in “offer” a year or so ago which basically asked for more cash to upgrade my system so it would continue to function in this unsecure way, I came to the decision that my significant investment in Sonos kit is at an end. I’ve ringfenced it (which was not in the plan when I bought it) and will use it until the whole thing is bricked and look elsewhere for my music requirements. I’ll have no truck with a company that doesn’t have its customers’ security at the forefront of its development efforts.

So what’s your point? Facebook makes millions of dollars also but doesn’t change the fact that it sucks.

@rbandes,

Have you not seen this, posted by another user here with regards to a reply from Sonos CEO on this topic?

https://en.community.sonos.com/advanced-setups-229000/smb1-security-issue-lack-of-response-from-sonos-6860761?postid=16551779#post16551779

 

Curious as to how you know Sonos is ignoring the issue. Do you have inside knowledge of engineering tasks assigned, or are you basing that statement merely on the fact that they haven’t exposed, as usual, what they’re working on? I don’t know either way, but would love confirmation if you do indeed have some insider knowledge. 

I am not aware of Sonos closing any thread on this dead-horse-beating topic. The largest thread I think is this one:

Sonos has shown no signs of addressing this problem, correct. Because, I assume, too few customers use NAS devices to make it worth their while, and there are other work-arounds available.

One problem with Plex as a workaround is that even if your NAS and your Sonos are on the same LAN, and you do *not* desire to be able to access your music externally, Plex doesn’t work if you don’t allow outside connections from the public Internet. Which IMHO is a stupid design decision that unnecessarily compromises security.

Airgetlam, I know that Sonos is ignoring the SMBv1 security issue because SMBv2 was released by Microsoft in 2006.  It’s been 15 years.  If they were going to provide SMBv2 support, they would have done so by now.

There are several misconceptions that I see throughout these threads regarding SMB v1, v2, and v3 with regards to Sonos (and Denon, too). The first misconception is that Sonos has to change the protocol on all their old devices. What kind of development roadmap and product-line architecture prevents you from introducing improvements into new products because your old products can’t support them? Sonos (and Denon) could let new products support SMBv2, while older units continue to support only SMBv1. The new units could even support both v2 and v1. This would allow owners of old Sonos products to work with a NAS that supports SMBv1, and new Sonos products to work with a NAS that supports SMBv2. Sucks for owners of older Sonos products, though.

The second misconception is that a NAS can support only one version of SMB.  That is certainly not true for Synology DSM.  DSM 7 allows you to configure the minimum supported version of SMB as low as v1, with a default of v2. The maximum version is v3.

The third misconception is that SMBv2 is more complex than SMBv1.  Actually, in some ways it is less so.  SMBv1 has over 100 commands and subcommands.  SMBv2 has just 19.  SMBv2 also eliminates many of the underlying protocols that SMBv1 supports:  NetBIOS over IPX, NetBIOS over UDP and NetBEUI.

The fourth misconception is that a separate NAS just for streaming to Sonos is secure because it limits the vulnerability just to this single-purpose NAS.  Unfortunately, having any SMBv1 devices on your LAN compromises the entire LAN.

I’ve been thinking about an SMB gateway running on a Raspberry Pi that accesses an SMB v2 or v3 share (from a NAS), and re-shares it as SMBv1 (for shameful speaker-manufacturers’ products).  With a firewall on this host configured to allow access only to the NAS and the Sonos devices it might provide reasonable security, but I haven’t finished my evaluation.  It would be very important, though, to ensure that no other devices on the LAN have access to this gateway.

I think that Sonos’s (and Denon’s) failure to provide SMBv2 support in new products is very disrespectful to their customers.  As with many companies that don’t really understand security (or even the need for security), they think it’s OK to ignore their customers’ security needs as long as sales are good.  For shame.
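An added example, not part of the original thread and not Sonos or Synology code: the post above mentions a configurable minimum SMB version on the NAS and a gateway that only the speakers should reach, and both can be checked from another LAN host by offering only the SMB1 dialect and seeing whether the server accepts it. The function names and verdict strings are assumptions of this sketch; the packet layout follows the SMB1 NEGOTIATE format.

```python
import socket
import struct
import sys

SMB1_MAGIC = b"\xffSMB"
SMB_COM_NEGOTIATE = 0x72


def build_smb1_negotiate() -> bytes:
    """SMB1 NEGOTIATE that offers only the SMB1 dialect 'NT LM 0.12'."""
    header = struct.pack(
        "<4sBIBHH8sHHHHH",
        SMB1_MAGIC, SMB_COM_NEGOTIATE,
        0, 0x18, 0xC001,      # status, flags, flags2
        0, b"\x00" * 8,       # PID high, security features
        0, 0, 0, 0, 0,        # reserved, TID, PID low, UID, MID
    )
    dialects = b"\x02NT LM 0.12\x00"
    body = struct.pack("<BH", 0, len(dialects)) + dialects  # WordCount, ByteCount
    msg = header + body
    return struct.pack(">I", len(msg)) + msg  # NetBIOS session header (type 0 + length)


def classify_response(data: bytes) -> str:
    """Interpret the first reply bytes, including the 4-byte NetBIOS header."""
    if not data:
        return "smb1-refused"  # server closed the connection or stayed silent
    msg = data[4:]
    if msg[:4] == SMB1_MAGIC and len(msg) >= 35 and msg[4] == SMB_COM_NEGOTIATE:
        word_count = msg[32]
        (dialect_index,) = struct.unpack_from("<H", msg, 33)
        # DialectIndex 0xFFFF means none of the offered dialects was accepted.
        if word_count >= 1 and dialect_index != 0xFFFF:
            return "smb1-accepted"
        return "smb1-refused"
    return "unknown"


def probe(host: str, port: int = 445, timeout: float = 3.0) -> str:
    """Send the SMB1-only offer to host and classify what comes back."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_smb1_negotiate())
            try:
                data = s.recv(4096)
            except (socket.timeout, ConnectionResetError):
                data = b""
    except OSError:
        return "unreachable"
    return classify_response(data)


if __name__ == "__main__":
    for target in sys.argv[1:]:  # addresses of your own NAS or gateway
        print(target, probe(target))
```

Run from an ordinary LAN host, the main NAS should report `smb1-refused` and a firewalled gateway should report `unreachable`; `smb1-accepted` means that host still negotiates SMB1 with the machine running the check.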


I don't know where you are getting these "misconceptions" from, but it's not here.  Nobody ever stated them.  Matter of fact, the fact that S2 will allow Sonos to upgrade to a higher version of SMB was expressly stated as one of the benefits of the S2 split.

In the Sonos system all speakers need to be on the same software. That’s probably why you can’t have some speakers on SMBv1 and others on v2.

So with the new update 13.4 it now supports SMB2 and SMB3.

 

“If you have problems with album covers: I have them too. Obviously they are not quite finished with SMB2 and SMB3, because otherwise you would have announced the possibility in a big way. The Sonos 13.4 changelog only officially included other improvements”

 

Source: https://stadt-bremerhaven.de/sonos-unterstuetzt-endlich-smb2-und-smb3/

For those who want to try it, I have SMBv2 working fine with my Synology NAS - see my post here

 
The best solution is to use Plex, instead of a fileshare.

This has the bonus of providing access from a phone or desktop PC to the music library everywhere.

 

Ideally, it’s a far better option to upgrade/switch to the new S2 Sonos system as soon as practicable.

 

I would do that, but I have a Sonos Connect that can’t upgrade to S2. Yes, I am aware that I could split my system in two, and upgrade the rest, but that would pretty much be removing the whole point of Sonos and rendering the Connect fairly useless. If they flipped the 30/70 discount on a trade-in (that is, if I could pay 30% of the new price, rather than just getting a 30% discount), I might consider it, even though the unnecessary e-waste would still be regrettable.

I’ve been getting frustrated with Sonos for two reasons, #1, Sonos’s lack of security and #2 the S2 app. Not sure what is going on with Sonos but 3 years ago this company, the app etc was awesome and now it seems like it’s heading south.


Yeah totally going south: https://investors.sonos.com/news-and-events/investor-news/latest-news/2020/Sonos-Reports-Record-Fourth-Quarter-and-Fiscal-2020-Results/

Why not work around the SMBv1 issue by using a NAS to Sonos / SMBv1 gateway?

I’d go with a Pi Zero 2 these days, about $15 if you go for a sale.

SMB v1 Gateway

I am not aware of Sonos closing any thread on this dead-horse-beating topic. The largest thread I think is this one:

Sonos has shown no signs of addressing this problem, correct. Because, I assume, too few customers use NAS devices to make it worth their while, and there are other work-arounds available.

In my humble opinion this assumption has not been confirmed by SONOS - let us just hope Synology will not drop SMBv1 support some day.

 
 

At present, the next major release of DSM, DSM 7, has dropped support for SMB1. There is currently a workaround, but I wouldn’t count on it for release, or for long term support. See - https://community.synology.com/enu/forum/20/post/139200

Thanks for the heads up Dave. I rest my case. Besides the poor NAS support, SONOS has also failed to provide adequate Apple Music playlist support for macOS users. Moreover, the SONOS playlists lack comprehensive resume functionality. 

 

Yes, this is ridiculous. But don’t just complain here, complain directly to Sonos.

Sadly, they no longer accept email at support@sonos.com

You can open a real time chat, which is mildly annoying. The person claimed “This case will be added on the list of customers that have the same concern.” I have no clue if that’s a lie or not, but it can’t hurt to try.

 
