Answered

Support for SMB2, SMB3 ?

  • 26 September 2017
  • 29 replies
  • 2921 views

Userlevel 2
My Sonos cannot access SMB shares on my Synology NAS. Synology disabled SMB version SMB1 due to some recent Severe Vulnerabilities in the protocol. I did some A/B testing and concluded that setting the Synology NAS File Sharing to not allow SMB1 then caused the Sonos to fail to access the SMB File Share.

When will Sonos catch up to not-ancient protocols use SMB2 and SMB3 version for SMB File Shares?

From this 2016 blog post, (https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/)

> Stop using SMB1. Stop using SMB1. STOP USING SMB1!
> ...
> The original SMB1 protocol is nearly 30 years old, and like much of the software made in the 80’s, it was designed for a world that no longer exists. A world without malicious actors, without vast sets of important data, without near-universal computer usage. Frankly, its naivete is staggering when viewed though modern eyes.

Using
* PLAY:5, Version: 7.4 (build 37244160), Hardware Version: 1.17.4.1-1
* Synology NAS DSM 6.1.3-15152 Update 4
icon

Best answer by Smilja 26 June 2018, 17:04

For me SMB2 is not a feature but no SMB2 is a bug. Have you ever seen a bug request that was solved by SONOS? Nope? Me neither!

Actually, this particular issue isn't an issue anymore.


Windows Sharing Changes


The Sonos app for Windows will now set up a music share using HTTP for local file sharing instead of the now-deprecated SMBv1 protocol. If you’re sharing your music library with Sonos, you may need to re-set up your music share after this update is finished.

For more details on setting up a music library, take a look here. [...]

https://en.community.sonos.com/announcements-228985/sonos-8-6-app-improvements-and-new-windows-library-sharing-6808278
View original

This topic has been closed for further comments. You can use the search bar to find a similar topic, or create a new one by clicking Create Topic at the top of the page.

29 replies

Userlevel 5
Badge +3
There are several threads dedicated to this topic, but I'll summarize to say that Sonos has (per usual) not announced a date that SMB support will change.

The Sonos support page does explicitly list SMBv1 as a requirement.

From me: it's disingenuous to pretend like SMBv1 is some "ancient protocol" that only Sonos is still requiring. It is exceedingly *common*, and that's why despite the longstanding higher risk of vulnerabilities Microsoft hasn't been able to squash use of it.

Sonos absolutely should deliver newer version support in the future, and any reasonable person can agree with that. I just can't get on board with misrepresenting the tech landscape around SMB to drive that desire.
So, is there any way to do a feature request? Because I no longer have a device which shares via smb1 in my network and for that reason, I can't use my local media lib anymore...

And: smb1 is ancient, even though it is still in use.
So, is there any way to do a feature request?

You may submit as many feature requests as you wish. Send an email to support or give them a call.
Userlevel 7
Badge +26
We also keep an eye out here, so I'll make sure to add your name to the list. We don't have any details to share, but I'll make sure the team knows you're interested.
Userlevel 7
Badge +21
Many of us are... there's been an existing ongoing thread for over 9 months regarding the need to support a newer version of SMB. It looks like some NAS vendors are starting to no longer support SMBv1, even ahead of Microsoft disabling it for new computers and fresh installations of the major update that is supposed to become available later this month.

And I know you're well aware of that thread too, Ryan. 🙂
Userlevel 7
Badge +21
I have no clue what Sonos will do or when, so I solved the security issue for my main NAS by getting a second cheap one that I could put copies of my music on and allow the SMB 1 connections to.

If and when the issue is solved I can go back to my real NAS but now there is no urgency on my part.
Userlevel 6
Badge +1
I second Stanley's solution for the simple reason that protocol settings for NAS' tend to be global. Thus, even if your NAS allows you to enable deprecated / outdated versions of SMB, do you really want to? *All* data on a given NAS may be at risk if a flaw in a protocol can be used to break into the OS. I don't allow anything to connect to my primary NAS with a protocol below SMB3 for a reason.

Like stanley, I use a expendable NAS to host my Sonos files. The expendable NAS is an Apple Airport Base Station Extreme (ABS) and it does the job well. When I update my primary NAS with new music, I over-write the contents of the ABS hard drive. Thus, even if the ABS hard drive is compromised, the data on the primary NAS will be safe. Similarly, if there is a flaw in the Sonos password storage management that can be exploited, the only data they'll get is expendable stuff on the ABS hard drive (think ransomware, for example).

Given how many routers, base stations, etc. have these sorts of capabilities, this is the route I would choose until Sonos decides to upgrade its deprecated network stack. However, even if Sonos decides to spend the resources to go to SMB2+, it may make sense to use its source data an expendable storage option. Let that easily-replaced data be the canary in the coal mine.
I concur, get your act together guys, you are making my hardware Sonos more irrelevant every day with the lack of things like this SMB3 and HomeKit/Airplay
Userlevel 5
Badge +13
This is very disappointing, especially seeing a bunch of cosmetic changes to the app that it didn't appear many people asked for, but our requests for a security update seem to be falling on deaf ears.
Userlevel 6
Badge +1
This is very disappointing, especially seeing a bunch of cosmetic changes to the app that it didn't appear many people asked for, but our requests for a security update seem to be falling on deaf ears.

I believe the primary problem is as follows:

People who bought the original Sonos (aka early adopters) were focused on easily accessing home-based music content. However, once that sale is done, there is no future income stream. Presumably, Sonos priced its wares with a significant profit margin on the basis that the first-sale would have to pay for future support.

Current firm management seems to see the future elsewhere, i.e. Alexa-integration, streaming, etc. While they may or may not collect fees/kickbacks/etc. now, said "cloud" focus does offer far more potential for monetization. For example, some cloud content may get a more prominent billing than other stuff, customer viewing/listening habits, promotional offers, add-on sales, etc.

I believe we're observing the same shift at Sonos to a subscription model as we have all over the rest of the software industry. The above explains perfectly why the company is happy to actively obsolete working hardware (CR100) and also allow known potential network security holes to persist. There is no future money to be had supporting "non-cloud" users, hence no resources will be allocated to them.

I wonder how many people are even left at Sonos that worked on the CR100 and know how to program it. The copyright screen on the thing still lists 2014 as the year of its last update.
We also keep an eye out here, so I'll make sure to add your name to the list. We don't have any details to share, but I'll make sure the team knows you're interested. Please add me to this list too.
I just bought and installed a Sonos One and was surprised to see that it only supports SMBv1. I work with fileservers on a day by day basis and most of the datacenters I encounter have disabled SMBv1 for security reasons.
Userlevel 6
Badge +1
I don't work on file server as a day-to-day-job and I too disabled SMB NTLM v1 on my main file server. 😉 All comes down to how much you value your data. My source for Sonos data is a copy of my iTunes stuff hosted on burner hard drive.

So far, the statements from Sonos re: addressing the SMBv1 vulnerability have been 100% non-committal. This is disappointing but also 100% their right - it's their closed ecosystem and our choice is hence limited to living with / working around things we object to or moving on to the next ecosystem.
For me SMB2 is not a feature but no SMB2 is a bug. Have you ever seen a bug request that was solved by SONOS? Nope? Me neither!
For me SMB2 is not a feature but no SMB2 is a bug. Have you ever seen a bug request that was solved by SONOS? Nope? Me neither!

Actually, this particular issue isn't an issue anymore.


Windows Sharing Changes


The Sonos app for Windows will now set up a music share using HTTP for local file sharing instead of the now-deprecated SMBv1 protocol. If you’re sharing your music library with Sonos, you may need to re-set up your music share after this update is finished.

For more details on setting up a music library, take a look here. [...]

https://en.community.sonos.com/announcements-228985/sonos-8-6-app-improvements-and-new-windows-library-sharing-6808278
So now I'll have to keep a Mac or Windows PC running to allow my Sonos to access the music stored on my NAS? Not exactly progress :^(.
So now I'll have to keep a Mac or Windows PC running to allow my Sonos to access the music stored on my NAS? Not exactly progress :^(.
You're right, because for music stored on a NAS SMBv1 still is a requirement. But then again, one should always keep multiple backup copies of their music files stored in separate locations.
Userlevel 7
Badge +21
No way I'm enabling SMB v1 on my main NAS, but since adding a dedicated to Sonos music SMB v1 NAS is fairly cheap and painless I went that route using a Raspberry Pi micro computer, a WD Live Drive is also a possibility and is plug and play, the Pi takes about a half hour to set up if you have any Linux skills, it is designed for kids after all.
I'm coming from a Raspberry Pi + Audio DAC + NAS solution. Replaced the audio side with a Sonos to get a better user experience. I did not expect having to go back to SMBv1 on the NAS side.
Userlevel 6
Badge +13
Ridiculous to say it's not an issue anymore due to this change - and to then mention having a backup as though that's relevant..
Ridiculous to say it's not an issue anymore due to this change - and to then mention having a backup as though that's relevant..
A backup is relevant, because (apart from being held hostage by sinister figures) music files and other data can become corrupted. :8
Userlevel 6
Badge +13
Eh? So you wrongly say the issue has gone away and then defend it by saying we should keep backups? No one is saying you shouldn't - but in the context of this thread regarding SMB, having a separate backup is irrelevant - and data corruption too.
Eh? So you wrongly say the issue has gone away and then defend it by saying we should keep backups? No one is saying you shouldn't - but in the context of this thread regarding SMB, having a separate backup is irrelevant - and data corruption too.
I bow to your wisdom. :8
Userlevel 2
@Ryan S

The Sonos app for Windows will now set up a music share using HTTP for local file sharing instead of the now-deprecated SMBv1 protocol.
(https://en.community.sonos.com/announcements-228985/sonos-8-6-app-improvements-and-new-windows-library-sharing-6808278)

@Ryan S, this does not solve my problem. I'm using a Synology NAS.
I do not want to use SMBv1 because it is a permanently compromised protocol.

On Windows machines,

...
The SMB security flaw called “SMBLoris” was discovered by security researchers at RiskSense,
...
disclosed the security flaw to Microsoft in June, but the company said that it won’t fix it.
...
Microsoft is planning to entirely remove the SMBv1 protocol ... However, everyone still running older versions of Windows will remain affected by the issue, that’s why it’s strongly recommended to simply disable the SMBv1 protocol.
(https://www.onmsft.com/news/microsoft-wont-patch-20-yr-old-smbv1-vulnerability-you-should-just-turn-the-service-off)

On Linux machines, (e.g. Synology NAS)

...
Description Legacy Server Message Block (SMB) v1 protocol could allow a remote attacker to obtain sensitive information from affected systems.
Severity Moderate
Mitigation Option 1: Disable SMB v1 protocol
...
(https://www.synology.com/en-us/support/security/Precaution_for_a_PotentialSMBVulnerability)

There are many other SMBv1 vulnerabilities. So many that US-Cert wrote in the article
SMB Security Best Practices
,

...
US-CERT recommends that users and administrators consider:
disabling SMBv1
...
(https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices)


(This reply also posted at https://en.community.sonos.com/announcements-228985/sonos-8-6-app-improvements-and-new-windows-library-sharing-6808278/index4.html#post16264971)
I don't really see how this solves anything when using a NAS....