SMB2 (or SMB3) support must be supported NOW!


We are writing summer 2019 and still Sonos only supports SMB version 1 for the Music Library share.



This is not acceptable.



A file share running SMB1 is extremely vulnerable to all the variants of cryptolocker virus that exist today. File share servers (NAS, Windows, Apple OS) can only support one version of SMB - so you cannot from the same box have one file share (for Sonos) using SMB1 and the other file shares using SMB2 or SMB3. This way Sonos puts each and every file share at serious risk - just because they don’t update their file share protocol to comply with this century.



And for the record - the “solution” through PLEX is not a solution. Unstable at best.

281 replies

If you update your SONOS system to S2, it will be able to use SMB2 or SMB3.

Baa! I’m still on S1 :-(

Yes, I know S1 isn’t getting updates, but it’s still a shame it can’t be getting security updates.

 

The kernel S1 is built on predates SMB 2, and there's no way to update the kernel given the memory limit.



Hello everyone, thanks to the introduction of our S2 platform, we've now added support for SMBv3. Sonos S2 devices will use the highest version of SMB supported by your NAS device. To access this update, you may need to manually change the configuration of your NAS device.

@Ralph Bolton 

I’ll just add my 2 cents, and say “me too” - I also have an extensive NAS-based media collection which I’d like to be able to play with my Sonos gear (without resorting to SMB1).

I can serve it all up via Plex, but I’d also much prefer a (simple) http solution - it’s a pretty trivial amount of code for Sonos to write, they already have lots of HTTP handling in their code, so have all the libraries in place. They now just need the will to do it.

Requiring SMB1 as a pre-requisite to play local music ought to be illegal. It’s at the very least amateur-hour hobby-kit level of operation - not something a premium brand should be anywhere near.

 

Nice rant.  Too bad it's about 2 and a half years past its expiration date.


I thought additional SMB support has been around for a while:

 


Hello 

Sorry I need help, I changed my NAS412 to NAS920 Synology. New NAS is SW Version 7. Now the NAS cannot be connected to the Sonos. I already read the different hints. SMB1 protocol or activate NTLMv1. I tried all, but I cannot connect. Access is not granted please check user and PW. In German: Zugriff auf Freigabe … Verweiger prüfe Benutzer und/oder Kennwort. I am sure the user and PW are correct. - The following string I tried: \\192.168.1.201\music, also with the server name \\NAS920\music

Can someone help, I want to integrate my music folder again. Thx.

In the Control Panel in your Synology NAS, click on User & Group. Select the user which needs access to your music and click the Edit button. Click on the Permissions tab.
You will see a list of folders and the permissions your user has. Does your user have read access to your music folder?

Berechtigungen / Permission

 



From the Samba 4.17 release notes:

https://github.com/samba-team/samba/blob/master/WHATSNEW.txt

 

NEW FEATURES/CHANGES
====================

Configure without the SMB1 Server
---------------------------------

It is now possible to configure Samba without support for
the SMB1 protocol in smbd. This can be selected at configure
time with either of the options:

--with-smb1-server
--without-smb1-server

By default (without either of these options set) Samba
is configured to include SMB1 support (i.e. --with-smb1-server
is the default). When Samba is configured without SMB1 support,
none of the SMB1 code is included inside smbd except the minimal
stub code needed to allow a client to connect as SMB1 and immediately
negotiate the selected protocol into SMB2 (as a Windows server also
allows).

None of the SMB1-only smb.conf parameters are removed when
configured without SMB1, but these parameters are ignored by
the smbd server. This allows deployment without having to change
an existing smb.conf file.

This option allows sites, OEMs and integrators to configure Samba
to remove the old and insecure SMB1 protocol from their products.

Note that the Samba client libraries still support SMB1 connections
even when Samba is configured as --without-smb1-server. This is
to ensure maximum compatibility with environments containing old
SMB1 servers.


If I don’t recall it wrongly, Samba 4.17 will remove support for SMBv1. Those using a rolling type of distribution like Gentoo, Arch, Artix, Manjaro, you will need to uninstall samba, download the latest 4.16 version, compile it and install it manually, and from time to time redo this when dependencies have been updated to new versions, till a day when it will not compile anymore.

hello,

Installed yesterday my first DSM 7.0 and Synology has the solution for it (installed in German - I hope translation is correct):

  1. Control panel
  2. File Services (second point)
  3. Extended settings - activate SMB1 as minimum SMB protocol
  4. Other tab → Activate NTLMv1 Authentication

Sonos works with all S1 components! 

Some hint, if somebody has problems with storage on Sonos devices:

  1. make path as short as possible
  2. we use .flac files - every title is named with 01.flac … 09.flac
  3. Servername as short as possible: M1
  4. share as short as possible: we use “c”
  5. full path: //M1/c/artist-album/01.flac


 

Regards from Austria and have a happy new year!
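On a plain Samba server, the two switches in the steps above correspond to the smb.conf parameters `server min protocol` and `ntlm auth`. The following is an added example, not part of the original post and not Synology's code: a small audit that flags both legacy settings in an smb.conf. The sample configurations are constructed, and it is an assumption that a given NAS exposes its settings through a standard smb.conf.

```python
import re

# Values of "server min protocol" that still admit SMB1-era dialects.
SMB1_ERA = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
# Values of "ntlm auth" that allow NTLMv1 ("yes" is the older spelling).
NTLMV1_VALUES = {"yes", "ntlmv1-permitted"}

def parse_global(text):
    """Return the [global] parameters of an smb.conf as a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def audit(text):
    """List the legacy-protocol settings found in an smb.conf.

    An unset parameter is not flagged: the build default applies then.
    """
    p = parse_global(text)
    findings = []
    # "min protocol" is a synonym of "server min protocol".
    min_proto = p.get("serverminprotocol", p.get("minprotocol"))
    if min_proto and min_proto.upper() in SMB1_ERA:
        findings.append(f"SMB1 accepted: server min protocol = {min_proto}")
    ntlm = p.get("ntlmauth")
    if ntlm and ntlm.lower() in NTLMV1_VALUES:
        findings.append(f"NTLMv1 accepted: ntlm auth = {ntlm}")
    return findings

# Constructed samples, not taken from any real device.
LEGACY_CONF = "[global]\n  server min protocol = NT1\n  ntlm auth = ntlmv1-permitted\n[music]\n  path = /volume1/music\n  read only = yes\n"
HARDENED_CONF = "[global]\n  Server Min Protocol = SMB2\n  ntlm auth = ntlmv2-only\n[music]\n  path = /volume1/music\n  read only = yes\n"

if __name__ == "__main__":
    for label, conf in (("legacy", LEGACY_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf) or "no legacy settings")
```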

 


But the OP said that they were using old kit “Deciding I am probably safe to continue linking my (very) old Sonos setup (think Zoneplayer 100) “, so surely this can’t run S2 software.


Thank you! 
I can confirm my Netgear ReadyNAS + QNAP is now set & working on SMB3 (as a minimum)


Great news Sotiris - I’ve been struggling to get my library to work with Sonos since SMB1 became deprecated by pretty much everyone apart from Sonos. Album artwork is a bit laggy.
(I tried Plex - which was flaky for CD quality FLAC files)


For a Synology NAS you may use these settings:grin:

 

for that matter, UPnP cannot be disabled on Sonos and is also considered as a vulnerability although nobody makes a hype about that - with regards to documentation, I found this (old) paper on the Internet

 

 

Absolutely.  I had a long conversation with someone using the SMB1 “attack vector” as a basis for his wish to have passwords in the app to keep his kids from turning the music up in other rooms.  I tried to explain that anyone hacking his system needed to only send raw UPnP calls to Sonos to do almost anything they wish, and no password at the app level was going to stop them.  


 

@el rubio yep, you’re right of course. I didn’t mention I only noticed it because I bought a new NAS unit therefore moving from DSM 6.2 to DSM 7 which triggered Sonos failure as it by default switches off SMB1. Until then I have been using SMB1 on DSM 6.2 (Synology DS213j) for years with not a care in the world. It’s a storm in a tea cup. Still, I have to confess to being a bit of a geek and once I hear about a problem, however overblown, I do like to find a good solution.

@jgatie well I was more worried about other data/software sitting on the same server being hacked/corrupted than Sonos data but yes I take your point, there does seem a rather disproportionate amount of sturm and drang

(anyone listening) am I right in thinking that the only way the SMB1 or NTLMv1 weaknesses can be exploited is if the offending party or software has a valid login to the server with the password (and this would have to be in the list of local users or internal system users on the device) so if I have a few trusted users and my passwords are all very strong (and I’m careful about what I install and the access given to programs) then the SMB issue isn’t really much of an issue at all?

 

Correct.  Although the sturm and drang over this issue is huge, there’s not been one documented case of malicious hacking of a Sonos library due to SMB1 weaknesses.  

hi @Alan_77 you may find many opinions on this forum about the vulnerability - in my humble opinion, the first ‘perimeter’ to hack is your router firewall or your wifi network, next is indeed getting onto the NAS - strong passwords use and setting read-only access is one of the ways to mitigate the risks

Hi @el rubio ah I see, I understand.

Well I guess that would work quite well but in my case I always preferred historically to not need to have a computer left switched on. That being said I do also have an old Mac mini which I no longer use that I could have used just for that purpose now you mention it. Probably consumes quite a bit more electricity than a NAS though but given the Sonos limitations we’re discussing here not a bad solution. I bought the Linkstation NAS now though.

A man can never have too many NAS drives.
