Synology SMBv1 Docker container workaround

  • 18 October 2020
  • 67 replies
  • 5694 views

Userlevel 3
Badge

So I've got a Synology NAS and a couple of Sonos speakers. Some day I got the stupid (!) idea to switch SMBv1 off and soon I found out that my Sonos stuff was unable to find my local music library.

 

Of course I agree that Sonos should move to v2 or v3, but since there is no sign they will, even after the whole S2 operation, it seems we will have to solve this ourselves.

 

I’ve seen the Raspberry pi solution here on the forum, but I didn’t want separate devices and I thought it should be possible to do the same with docker on the NAS itself. If you are not familiar with Docker yet: it is like running an extra machine (called “container”) on your NAS, a little bit like virtual machines, but easier and more lightweight. The container runs isolated on your NAS, it only gets the access to your NAS you grant it specifically. Docker is a standard package on Synology. It also has a nice “registry”: an app store where everyone can share their containers.

 

So the idea is: run a container with SMB (Samba) v1 with read-only access to the music library on the Synology NAS only.

 

This workaround can almost completely be done from the DSM user interface!

 

Unfortunately you’ll need to enter one command on the command line. This is because standard Docker networking won’t suffice. Most containers use the IP-address of the host-machine (your NAS). I assume you want to keep Samba running on your NAS to access your (other) files on Windows and only upgrade it to a higher (more secure) version. This is why standard Docker networking won’t be enough here. Your container needs it’s own IP-address. This can be done with Docker macvlan networking, but there is no way to enable that from the user interface.

 

How to

 

Step 1 – install Docker

Login to your Synology NAS web interface (DSM) – you need to be administrator

  1. Open the Package Center
  2. In the Search field, search for docker
  3. Click Install on the Docker result

 

Step 2 – enable macvlan networking

As mentioned above, Docker containers usually don’t need their own IP-address, but in this case, it does. So your NAS will be connected to your network with only one cable, but it will have 2 IP-addresses. We need macvlan networking for this. With macvlan networking, Docker will supply your container with it’s own IP-address from  a designated pool of addresses, but all IP-address need to be on the same subnet!

Example IP-addresses

Your router: 192.168.0.1
Subnet: 255.255.255.0
Your Synology NAS: 192.168.0.2

 

Now your router will probably automatically supply computers on the network with IP-addresses (DHCP). Docker won’t listen to your router, but does this on it’s own. Therefore, you need a small range of IP-addresses that won’t be used by your router. In my case, my router manages IP-addresses from 192.168.0.1 to 192.168.0.200. So I can use anything between 192.168.0.201 to 192.168.0.254. I decided to use the end of the range: 192.168.0.240 – 192.168.0.254 which can also be described as 192.168.0.240/28. Many routers will be save using these high numbers, but please check your router settings to be sure and check the manual of necessary. Your network will become a mess if IP-addresses are used multiple times. If you can’t use 240-254, please Google subnet calculation to find another small range you could use.

 

To set this up in Docker, you need to login to the command line with SSH. On windows you can do this with Putty. You might need to enable SSH to do this. Settings are on the Control Panel under Terminal & SNMP.

After login just type (or copy here and paste in Putty using right mouse-click):

 

sudo docker network create --driver=macvlan --gateway=192.168.0.1 --subnet=192.168.0.1/24 --ip-range=192.168.0.240/28 -o parent=eth0 macvlan

 

And press enter. You will need to re-enter your password after this, because you are using sudo (to run administrative tasks)

 

After that, some random range of numbers will be shown. You’re done! Type “exit” and confirm with enter to leave.

 

Go back to the userinterface (DSM) en open Docker. Click on Network to confirm your macvlan network is there.

 

To find out more about Docker macvlan, see:

https://docs.docker.com/network/macvlan/

https://docs.docker.com/network/network-tutorial-macvlan/

https://collabnix.com/2-minutes-to-docker-macvlan-networking-a-beginners-guide/

 

Step 3 – download and launch Samba container

Now it’s time to download and launch your Samba container. Fortunately, several people have created Samba containers before, so you don’t have to create one yourself.

 

Click on Registry and type samba. First hit will be dperson/samba. This version is by far the most common. Select it by clicking on it and then hit download. A version selector will be shown, and latest is fine, so just continue. Download will start and will be ready soon, the image is pretty small.

 

Now go to Image. Here you will see all the images you downloaded and are waiting to be used. As long as the storage icon is changing, download is still in progress. A notification will pop up when download is ready. Select dperson/samba:latest and hit launch.

 

On the next screen, give your Container a nice name, like “sonos-samba” and you may want to limit resources. 512 MB should be enough.

 

Go to Advanced Settings and hit Enable auto-restart if you like. This will restart the container if it – for some reason – fails.

 

Then go the Volume and click Add Folder. Select the folder your music is stored. In general, this will be the “music” share. Make sure not to select any folder with anything private in it. So, if you store your music in your home folder, make sure not to select /homes/, but only select the subfolder containing music.

 

After this, in mount path, just type /music. And make sure to hit the Read-Only button. This way Docker will grant read-only access to this share. So even if your container gets compromised, it can’t hit anything on your Synology NAS.

 

Next go to Network. Make sure to remove Bridge (select and hit - ) and add your newly created macvlan network.

 

Port Settings and Links are fine, don’t touch.

 

Your share settings have to be added on the Environment-tab.

Although you might add the share as a public share, I prefer to use passwords anyway. Please make sure you use a generated password that you don’t use anywhere else!

 

Following Environment variables have to be set:

PATH 	= leave as is.
GLOBAL = ntlm auth = ntlmv1-permitted
# this will enable old authentication mechanism, necessary for Sonos
SMB = disable
# This will enable SMBv1
SHARE = music;/music;yes;yes;no;sonos;;;SonosMusic
# This is will add a share music, located at /music (location where you mounted your local music on the Volume page), read-only accessible for user sonos with description SonosMusic.
USER = sonos;verysecretgeneratedpassword12345

If you think you may need more settings, or want to understand these, please check the webpage of this container: https://hub.docker.com/r/dperson/samba

Click Apply.

Click Next

Click Apply.

Your container will now start!

 

After a few seconds you will be able to go to \\192.168.0.240\ (or any other IP-address you’ve set) in the windows explorer. You will need to enter sonos as username and your verysecretgeneratedpassword12345 as password and then you will see your music share and will be able to browse through your music collection.

 

If this works, go to your Sonos settings and add \\192.168.0.240\music as music library. If it connects properly, it will first start indexing. It’s a sign it is working and you can now safely remove the existing share pointing directly to your Synology NAS.

 

Don’t forget to turn SMBv1 off on your Synology! You can find it in the Control Panel under File Services. Click Advanced under SMB and change Minimum SMB protocol tot SMB2 or higher.


67 replies

Userlevel 3
Badge

Dear @Rowena B. ,

now that DSM7 is officially launched, i assume more and more people are getting stucked with SONOS SMB1 implementation. I think the solution that has been presented here is technically very good, but not what i expect to do, if i am working with one of the leaders in multiroom entertainment.

So i (and i think the most of your users) would really appreciate any information on when SONOS will update the software and go with  SMB2.


Hi gevaugeh, I agree, but there are a lot of topics with opinions about this. This is a topic about a solution and I like to keep it that way.

Badge +1

I was able to get share=music to work and all music is visible in Sonos, THANK YOU!! :sunglasses:

However, I went and renamed HD Music AIFF to HD_Music_AIFF and then set SHARE2=HD_Music_AIFF;/HD_Music_AIFF;yes;yes;no;sonos;;;SonosMusic

I can’t get this to connect at all. I’ve tried all lower case, but don’t think it is caps specific, I’ve tried HD_Music_AIFF;/HD_Music_AIFF/;music;yes;yes;no;sonos;;;SonosMusic

 

and several other versions and nothing. Any ideas? 

Userlevel 3
Badge

Have you mounted the folder inside the docker container?

 

Userlevel 3
Badge

vSwitch is off unfortunately.


I'm afraid I won't be of much help here. I suggest trying either Synology or Docker forums.

Badge +1

@jelvank yes I did, each version I would go add the folder under Volume

Userlevel 3
Badge

@jelvank yes I did, each version I would go add the folder under Volume

Ok, maybe description should be unique too. Your SHARE= comment basically consists of a lot of fields:

name;/path[;browse;readonly;guest;users;admins;writelist;comment]

So in your case try changing SonosMusic to SonosMusicAIFF:

HD_Music_AIFF;/HD_Music_AIFF;yes;yes;no;sonos;;;SonosMusicAIFF

 

Hello, same issue with the container ! 

failed to create the macvlan port: device or resource busy ! 

DS918+ !

no vswitch ! 

I have the following errors:

2021-07-10T00:58:29+02:00 SNas docker[21750]: time="2021-07-10T00:58:29.986777470+02:00" level=warning msg="macvlan driver does not support port mappings"
2021-07-10T00:58:29+02:00 SNas docker[21750]: time="2021-07-10T00:58:29.986864355+02:00" level=warning msg="macvlan driver does not support port exposures"
2021-07-10T00:58:30+02:00 SNas docker[21750]: time="2021-07-10T00:58:30.662053562+02:00" level=error msg="5b3661d101af2050d5ef267be5f529f3347acd847b4cbad6572b5ae1fb3aa410 cleanup: failed to delete container from containerd: no such container"
2021-07-10T00:58:30+02:00 SNas docker[21750]: time="2021-07-10T00:58:30.662195774+02:00" level=error msg="Handler for POST /containers/sonos-samba/start returned error: failed to create the macvlan port: device or resource busy"

any idea ?

I found the answer by myself.

What did you do to fix?  I had the same error.

I found the answer by myself.

could you share please what was the solution :) 

Userlevel 3
Badge

I wonder if your active network device is actually called eth0. You can check all network interfaces by entering:

ifconfig

Several devices should appear, including a device called “eth0”. This device should be the one with the ip-address your Synology is using:

eth0      Link encap:Ethernet  HWaddr XXXXXXXX
inet addr:IP OF YOUR MACHINE Bcast:X.X.X.X Mask:255.255.255.0
inet6 addr: XXXXXXX Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:28499909 errors:0 dropped:0 overruns:0 frame:0
TX packets:29418188 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:16085430921 (14.9 GiB) TX bytes:23241748739 (21.6 GiB)

If the ip-address you know is behind another device, you should create de macvlan device with the name of that device instead of eth0.

Hi Jelvank,
Thanks for your solution to get around this Sonos issue.
Unfortunately, I have managed to create the Container & Macvlan as set out in your instruction, but it does not lead me to the site where I put Sonos as my USER and then my password (I will change this after) - I have beentrying with     //192.168.1.240/
Below I have placed my screen prints which could show where I am going wrong…….I appreciate any help you could share on my situation - Thanks M
 

 

 

 

 

 

 

 

 

 

@jelvank great write-up! I put containerizing this off for almost a year (just got into the Sonos family during late 2020), but your guide made me do it ASAP because, well...I didn’t have any excuses.

Some other words for everybody else:

  • You can definitely do more shares and have your music in different folders. Use SHARE, SHARE2, SHARE3, etc. I have 5 shares and they work perfectly (as long as you do it correctly - make a volume, use that volume name in the share, etc.)
  • If you’re only going to be running this container, I suggest using a very small IP range like /31 instead of /28. /31 does 2 IP addresses and 28 does 8. Small difference, but my IP ranges are constrained because I have a ton of devices on my wifi (smart home things).
  • 512 MB is totally enough. I’m running 24 bit 48 kHz flacs without any issues
  • Using the built-in Sonos library is the only way to get 24-48 flacs playing on your speakers. Plex is capped at 16 bit. An alternative would be to set up another script using ffmpeg to convert your 24 bit → 16 bit, use Plex with the 16 bit, and call it a day.
  • If you have to delete the macvlan you created, got back to SSH and use the sudo docker network rm macvlan - why would you do this? Maybe you messed up your IP ranges like I did and need to fix it *shrug*

Userlevel 3
Badge

Hi @MOGBEAR if you are a windows user, you should try \\192.168.1.240 (note the backslash instead of slash)

Furthermore I think your gateway is wrong, guessing Linksys is your router?

Another suggestion would be not to use @ in your password, since in Linux/Unix world it is a character with specific meaning. Increase the length of the password for security, but avoid special characters.

And finally, please post the output of ifconfig as I mentioned a few posts above here, to see if eth0 is actually your current network device. 

Thank you, @jelvank! Excellent post.

I was about to enable SMBv1 on my NAS when I saw your post. Everything works perfectly.

It’s a shame that Sonos forces us to go through these workarounds.

Jelvank - thank you for coming back to me! 
‘ipconfig’ result shot:
 

​​​​​

My router is the following and the synology NAS and Linksy Velop mesh is are attached via ethernet cables:
 

 

I have tried the backslash address that you have suggested and it cannotbe found:
 

I have changed the containerpassword in Docker, so there isn’t any carachters like @ included as below:
 

I very much, like many here, appreciate the kind service you are doing here as this situation with Sonos is very upsetting. If you have the time to correct me where I am going wrong then I would very much appreciiate that…. 

Userlevel 7
Badge +22

@mogbear based on those screenshots your PC is on an entirely different network to your NAS.

The PC is on 10.102.1.x (which is wireless) and your NAS is on 192.168.1.x

Zero chance these devices can see each other.

I know nothing about dockers (I just put my music on a PC, its trivial to setup and zero maintainance), but that network config is not going to work for Sonos.

 

Badge +1

Well, everything was working like a champ THANK YOU!!!!  Until I upgraded HDDs on my NAS, the ones I had in service were 7 years old, so I figured it is a good idea to get “modern” HDDs. In doing so I backed up my old drives, but the Docker setting didn’t get backed up somehow.

I’ve redone the docker and I get connected to the folders in docker (music and hd_music) via Mac Finder no problem and Sonos shows I’m connected too. 

The problem is when I view either folder in either Mac Finder or Sonos (to create new playlists or just browse in Sonos) neither of my folders show any files. 

I can go directly into DiskStation or Mac Finder and view the folders and files fine. I can play songs the whole bit. 

Any idea why through docker  or Sonos neither folder shows any files? 

Thanks so much for bringing this here - insane we have to do this but so it goes.

Hoping someone can help.  Setup looks reasonable.  The macvlan starts and looks good.  The package is running fine with the config as specified. The ip range is what I use so it should all be kosher. Only issue is after trying to log in on windows I get no response and using the sonos app I get “The computer 192.168.0.240 is not responding”.  Anything else I can check to see if this is being blocked by Sonology, by my router, or somewhere else?  I’m running a UniFi network, FWIW.

Userlevel 3
Badge

Well, everything was working like a champ THANK YOU!!!!  Until I upgraded HDDs on my NAS, the ones I had in service were 7 years old, so I figured it is a good idea to get “modern” HDDs. In doing so I backed up my old drives, but the Docker setting didn’t get backed up somehow.

I’ve redone the docker and I get connected to the folders in docker (music and hd_music) via Mac Finder no problem and Sonos shows I’m connected too. 

The problem is when I view either folder in either Mac Finder or Sonos (to create new playlists or just browse in Sonos) neither of my folders show any files. 

I can go directly into DiskStation or Mac Finder and view the folders and files fine. I can play songs the whole bit. 

Any idea why through docker  or Sonos neither folder shows any files? 


First guess: permission issue. Docker doesn't have access to the folders inside your music folder. Could you (temporarily) change permission to world readable?

Userlevel 3
Badge

Thanks so much for bringing this here - insane we have to do this but so it goes.

Hoping someone can help.  Setup looks reasonable.  The macvlan starts and looks good.  The package is running fine with the config as specified. The ip range is what I use so it should all be kosher. Only issue is after trying to log in on windows I get no response and using the sonos app I get “The computer 192.168.0.240 is not responding”.  Anything else I can check to see if this is being blocked by Sonology, by my router, or somewhere else?  I’m running a UniFi network, FWIW.


I'm on Unifi as well and I can’t remember running into specific issues with this. Can you ping 192.168.0.240? (I can). Maybe you isolated your Sonos devices somehow? Or your Synology? You can even start a terminal (Container > Details > tab Terminal > Create-button) and try to ping from within your Samba-container.

Badge +1

Well, everything was working like a champ THANK YOU!!!!  Until I upgraded HDDs on my NAS, the ones I had in service were 7 years old, so I figured it is a good idea to get “modern” HDDs. In doing so I backed up my old drives, but the Docker setting didn’t get backed up somehow.

I’ve redone the docker and I get connected to the folders in docker (music and hd_music) via Mac Finder no problem and Sonos shows I’m connected too. 

The problem is when I view either folder in either Mac Finder or Sonos (to create new playlists or just browse in Sonos) neither of my folders show any files. 

I can go directly into DiskStation or Mac Finder and view the folders and files fine. I can play songs the whole bit. 

Any idea why through docker  or Sonos neither folder shows any files? 


First guess: permission issue. Docker doesn't have access to the folders inside your music folder. Could you (temporarily) change permission to world readable?

I’m sure this is a crazy question, however, where do I change the setting to “world readable”? Somewhere in Docker, or Control Panel> Users and Groups? 

I unselected “Read Only” in docker and no change...

Userlevel 3
Badge

I’m sure this is a crazy question, however, where do I change the setting to “world readable”? Somewhere in Docker, or Control Panel> Users and Groups? 

I unselected “Read Only” in docker and no change...

In Control Panel (Synology) → Shared Folders → select folder → edit → tab permissions

And are you sure de location of your music files is still the same?

I don't know if you are used to using the command line, but you can check if your docker container can even see anything by opening a terminal on the terminal tab in your Docker details. Hit Create and enter:

cd /music
ls -alF

This should return a list of all files and directories including ownership and permissions.

(Don't forget to change Read-only back)

Badge +1

@jelvank, Should there be a user “Sonos” in users? If so, there is not. The default guest account is set to read only, however when I set up my new HDDs in the NAS I had it diesabled, did Docker change this? 

I can do command line, IF it is done for me, such as your instructions for macvlan…..other than that, no I cannot. 

Thank you for the continued support of this fix….Sad Sonos won’t get off their butts and make a permanent solution 

Userlevel 3
Badge

@Joeschmoe no there's no Sonos user on Synology. Your Synology is not aware of what is going on inside the Docker container. That is more or less the cool thing about containers. But you should try setting your Music share (if that's where your music is located) to world readable.

As to command line. I think this one is pretty simple. Open your Docker container. Choose the Terminal tab and click Create (the button itself, not the arrow). Then you simply enter the commands given above and post the output here. It should show something like this:

Thank you for the continued support of this fix….Sad Sonos won’t get off their butts and make a permanent solution 

Yeah well, what bothers me a bit is that lately Sonos seems to be pointing people here. Maybe they could offer some support themselves if they think this is the way to go...

Reply