Sonos support for SMB 2.0 protocol

  • 18 September 2016
  • 274 replies
  • 43882 views


Show first post
This topic has been closed for further comments. You can use the search bar to find a similar topic, or create a new one by clicking Create Topic at the top of the page.

274 replies

Userlevel 7
Badge +26
Hi everyone, starting with today's update, Sonos 8.6, Windows computers will be able to set up shares to their local libraries to Sonos without using SMB file sharing. We aren't removing support for SMB at this time, and you will continue to need to use it for NAS drives, but Mac computer and Windows computers now both have the ability to share using our implementation of HTTP file sharing using the Sonos app. For more details, see the announcement post here.
Userlevel 7
Badge +15
Hi Ryan, when you say you haven't removed support for SMB 'at this time' what does that actually mean - and how will shares from NAS's be affected by this? The point of a NAS with regards to Sonos is so PC's aren't left on permanently so I'm sure there are many users interested in how sharing will be achieved from NAS's if you appear to be going the opposite way and removing functionality as opposed to adding support for the later, more secure versions.
Userlevel 7
Badge +26
Hi sjw, we are continuing to support SMB1 on Sonos for use with NAS drives and network shares that can't set up the HTTP share that we've added for Windows computers. We'll be looking into options for NAS drives to see what can be done there, but don't have any specifics that I can share today.
Userlevel 7
Badge +15
OK, thanks.
Presumably switching it off with no other option isn't on the table?...
Userlevel 7
Badge +26
OK, thanks.
Presumably switching it off with no other option isn't on the table?...

We don't have any plans to turn off support for NAS drives.
Userlevel 7
Badge +21
OK, thanks.
Presumably switching it off with no other option isn't on the table?...

Trying to understand your query...

If you don't have a NAS holding your music library, and you can now turn off SMBv1 on your Windows computer (since Sonos is now using its own HTTP service), you're good to go. Nothing to worry about. Sonos' continued support of SMBv1 means nothing to you now. All of the risks and vulnerabilities are on the "server" end, not on Sonos' end.

And if you do have a NAS, why would you want them to just cut off support with no direct alternative?
Userlevel 7
Badge +15
Hi Mike, I do have a NAS and definitely don't want them to cut off support!! I was concerned about the wording from Ryan when he said it had gone from PC/MAC sharing - but wasn't being dropped 'at this time'.
I wanted clarification (and got it) that it wasn't even on the table for NAS's - and 'liked' Ryan's response,
As much as I really want them to something about improving the situation, completely dropping it shouldn't be seen as an option..
Userlevel 7
Badge +21
Gotcha... re-reading it now, I can see that tone in the question... sorry. 🙂 Yeah, pretty sure Sonos wouldn't go that far...
Userlevel 1
Badge
For me this is a great solution, because I've always put my files on a PC and not on a NAS. Thanks Sonos! (of course I'm also sympathetic to the NAS owners as well, so I still hope Sonos will be able to provide a solution for them as well!)
ability to share using our implementation of HTTP file sharing using the Sonos app.

Can you allow library source addition using HTTP as well? Most NAS have ability to share libraries over HTTP, either plain folders (apache2 index style), or WebDAV, both will be OK (and please, do support HTTPS).
Thanks
Userlevel 7
Badge +22
Full https support on devices on local networks is usually impractical, due to the problem of getting a certificate from an approved root CA with a local name on it. If both devices were from the same vendor (eg if Sonos did a NAS) then it would be more likely (as Sonos could create and trust their own certs), but I doubt that is going to happen.
Userlevel 7
Badge +21
I've fooled with trying to run secure HTTPS servers here and it is really frustrating due to the requirements to have a current certificate and control of the domain name it is tied too. That might be a stumbling block even for Sonos.

https://letsencrypt.org/getting-started/

In order to get a certificate for your website’s domain from Let’s Encrypt, you have to demonstrate control over the domain.
Userlevel 2
Badge
Would a setup using one SMB1 enabled NAS connected to Sonos (only), serving FLAC files, and another SMB3 enabled NAS for "sensitive" files be a secure network solution? (until Sonos adds SMB2-3 support)
Userlevel 3
Badge +1
Date: 2Jan2019

Here is my successful expereince (with some feature boundaries) to sharing my NAS based music library downwind of Sonos lack of support for SMB2+ and continued use of the vulnerable SMB1. When MS did the fall 2018 1709 W10 update, I lost NAS based music Library. We use NAS since we prefer use of .flac format, and think music rental via ugly-compressed streaming is not for us. 5+ Sonos units, 1.4 TB music library.

Obsolete vulnerable SMB1 desperately needs support for SMB2+. SONOS: get with the program! Yikes!

Sonos recommended solution was add Plex account to Sonos services, and enable Plex on NAS. This proved pretty unreliable for us. Speculate, maybe too many hops. Bizarre (read poor) Sonos "solution" to SMB1 problem.

Most notable thread on this (among others) IMHO: https://en.community.sonos.com/setting-up-sonos-228990/sonos-support-for-smb-2-0-protocol-6739642/index1.html?sort=dateline.desc

Wishing to stop using vulnerable SMB1 (personal decision), a few comments:
1) Kudos to Mike V (S in IOT stands for Security - LOL) who posted about this alternative approach.
2) Long time lifetime-license MediaMonkey Gold user (https://www.mediamonkey.com).
3) We do not use iTunes to manage Library on W10, and have no Macs.
4) Not an IT guy, just self-taught gizmo-intrigued n00b music fan.
5) This approach requires both some thought and MediaMonkey experience. It's not elegant.

MediaMonkey (MM) is used as music library manager including rip to NAS share as .flac, playlist builder tool, among many other MM features. Three NAS back-ups, one off-site. MM knows and manages music library.

NAS: QNAP TS-253B, QTS 4.3.5, SMB1 disabled. Reference:
https://www.qnap.com/en/how-to/faq/article/why-cant-i-find-my-nas-in-windows-file-explorer-after-installing-the-windows-10-fall-creators-update-version-1709/

On the following, YMMV depending on your configuration:

Install MM on W10 machine (in our case, an HTPC) which is on all the time (yep, that's necessary to be seamless to Sonos). Go ahead, buy a license for MM Gold version. IMHO, I like MediaMonkey because it lets me set options to manage music library my way. Unsure if all this works on free version.

You must add NAS-based music library to MM: File>Add/Rescan file to library. In my case, I pasted the music library path from W10 Explorer into the field at bottom of this window since picking path up from Network choices (above in this window) has been kinda wonky for me. The scan may take a few hours if you've a big library. You can watch scan process down at bottom of MM window. Not a big deal for me since we were already using MM.

In MM: Tools>Options>Library>Media Sharing (UPnP/DLNA), move over to right window pane.

In my case the MediaMonkey Library is listed. Check the box to left of listing. Then highlight and single click this listing of the Library. Click on the Options button. Check the Update counter box and the Share automatically with all new devices box.

In the pane below UPnP devices are listed. They are listed by Enabled status, MAC address, IP address, and name. In my case, several Linux Sonos devices are listed which seem to be those on which I have Sonos controller software/apps installed, e.g. ZP-120, Windows, iPad, iPhone. Make sure the enabled check box for each is checked. Then click OK button at bottom of this window, and window closes.
Then click OK at bottom of Options window.

In Sonos, (iOS iPad/iPhone) More>Settings>Advanced Settings>Show UPnP/DLNA Servers Enabled. I could not find this feature in W10 Sonos controller; posts suggest it used to be in File>Preferences but this now appears to be absent in W10 Sonos Controller v9.3, Build109822974 (did not try Android or Mac versions).

In Sonos, Browse>MediaMonkey Library (W10 MM machine name is listed)>Music and drill down to folder/sort you want. You can drill down via Location option to follow NAS music location path, having made MM aware of NAS library path (above.) Here is feature limitation: It looks to me like individual songs (filenames) must be added to Sonos Queue. No play Artist, Album, etc. in-one-shot capability. Once individual tunes are added, Sonos queue can be edited, played consistent with typical Sonos capability.

I'm thinking this approach avoids web hops and SMB1 vulnerability. I recognize this may serve as further incentive for Sonos to not fix NAS access which has been a long featured capability. Seems like such a premium product oughta get you to a NAS, streaming world (perhaps naively) aside.
Badge

Hi sjw, we are continuing to support SMB1 on Sonos for use with NAS drives and network shares that can't set up the HTTP share that we've added for Windows computers. We'll be looking into options for NAS drives to see what can be done there, but don't have any specifics that I can share today.

 

Hi Ryan,

it’s a year or more since your post. What options did Sonos investigate and when can we expect to see them implemented? It’s not really acceptable to force SMB1 on NAS users with all the security weaknesses that plague it.

 

Bluesound, purely as an example, support SMB 3.

I suspect BlueSound has never needed to support devices with only 32 Meg of memory, and the Linux kernel that will fit within it, as Sonos does currently. 
 

Many of us are hoping that when the split between legacy and modern devices occurs, Sonos will be able to make this change. 

Badge

I suspect BlueSound has never needed to support devices with only 32 Meg of memory, and the Linux kernel that will fit within it, as Sonos does currently. 
 

Many of us are hoping that when the split between legacy and modern devices occurs, Sonos will be able to make this change. 

 

Yes, I’m hoping that modern devices with more memory will be updated with an SMB 3 compatible stack. I honestly think they should already be doing this - just detect the device when doing firmware upgrades and if it has enough memory, load the updated stack. Seems quite lazy on their part.

 

Agreed about Bluesound. They support SMB 3 protocol, but still only NTLM v1 for authentication, so another relatively insecure implementation.

Userlevel 7
Badge +21

Updating some Sonos to SMB v3 while leaving others at v1 would be a user support nightmare. Sonos has resisted the multiple firmware branches for years but tried to do what they could (like library indexing) within that.

If they go to a newer kernel it would be a lot of extra work to not go with current versions of all the other software so I expect to see the ability to do more to be present. How much Sonos will enable and expose and when they do it will be interesting to watch. If it was me I’d try to just upgrade versions and keep the system working as my first try. Once the dust settles and bugs are squashed start enabling new features and publicizing any that came along for free.

 

Badge

Updating some Sonos to SMB v3 while leaving others at v1 would be a user support nightmare. Sonos has resisted the multiple firmware branches for years but tried to do what they could (like library indexing) within that.

If they go to a newer kernel it would be a lot of extra work to not go with current versions of all the other software so I expect to see the ability to do more to be present. How much Sonos will enable and expose and when they do it will be interesting to watch. If it was me I’d try to just upgrade versions and keep the system working as my first try. Once the dust settles and bugs are squashed start enabling new features and publicizing any that came along for free.

 

Not sure I agree with that. SMB is backwards compatible version wise, and even SMB 3 has been out for a good while, so is a fairly mature standards based protocol. I doubt they’d see many issues at all, especially if they just introduced SMB 3 support and let the NAS and the player decide which version to use. That happens now with my NAS - my computer connects and auto negotiates SMB 3, Sonos connects and auto-negotiates SMB 1.

 

At the end of the day, there are serious security loopholes in SMB1 and it just shouldn’t be used when v2 and v3 are widely available and supported by nearly all NAS’s. 

 

I think it’s rather telling that Ryan’s post from over a year ago said they were investigating options and since then it’s been radio silence.

Which is one of the reasons I suspect that they’re not able to update the currently required kernel due to space limitations. I don’t think that Sonos is just ignoring the issue out of spite, there has to be a reason why they’ve been unable to make an change, so far. 

Userlevel 7
Badge +22

Sonos should just give up entirely with SMB, and publish the spec for their music server http service. The NAS folks could then implement the server on their platforms and be done with it. The SMB code could then be deleted from the device firmware, actually freeing up valuable space.

It would certainly be interesting to know what their plans would be, but the ‘recent’ changes to the desktop clients might support that change in direction. We’ll have to see ;)

Userlevel 7
Badge +21

Not sure I agree with that. SMB is backwards compatible version wise, and even SMB 3 has been out for a good while, so is a fairly mature standards based protocol. I doubt they’d see many issues at all, especially if they just introduced SMB 3 support and let the NAS and the player decide which version to use. That happens now with my NAS - my computer connects and auto negotiates SMB 3, Sonos connects and auto-negotiates SMB 1.

I’m missing something here, how does adding SMB v2/3 solve anything when SMB v1 must still be enabled for Sonos devices that can’t support the newer version?

Even ignoring that bit, where is the memory needed to hold the larger SMB v2/3 code to come from? What existing functions would you have Sonos remove from the players to free up the space?

Things may change after the modern/legacy split in May, no way of telling and Sonos rarely leaks upcoming changes detail. Ryan’s silence just means he is addicted to food and shelter and is avoiding getting fired for violating that policy. If he decides to leak (Hi Ryan) I have a nice piece of cardboard and a black felt marker he can use to replace some of his current paycheck.

One possible option I see is to make an SMB v2/3 gateway to SMB v1 available as an option on newer Sonos products after the modern/legacy split. All library data would come to the Sonos system over the newer SMB versions on modern devices and be passed on to the legacy gear from there.

Oh, what a company, it’s really time to get rid of all that expensive scrap!

 

Userlevel 7
Badge +21

Good idea jump to something else just a couple months from when Sonos has the chance to start improving things that were not fixable under the Legacy memory limit.