Unable to access share from Sonos controller

mguebert

Dabbler
Joined
Dec 30, 2015
Messages
17
I have a strange problem that started recently. Prior to this issue it worked fine for the duration I have had the freenas up and runnning. I have a FreeNas 9.10 system that has been running for 1.5 yrs or so. Recently I updated to 9.10 from 9.3 and also updated my sonos app running on a Win 10 machine. I am unable to access my music shares from Sonos. I get a access denied error. This happens whether i use the \\IP\Share or \\name\share. I know the user and password I am using works because I can access those shares from explorer on the same machine. I have also verified access on 1 other win 10 machine and a Win 7 machine as well as a ubuntu test bed I have.

I would think at this point it's a sonos issue, but I have spent 4 hrs on the phone on 2 separate occasions and they are no help.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,545
I have a strange problem that started recently. Prior to this issue it worked fine for the duration I have had the freenas up and runnning. I have a FreeNas 9.10 system that has been running for 1.5 yrs or so. Recently I updated to 9.10 from 9.3 and also updated my sonos app running on a Win 10 machine. I am unable to access my music shares from Sonos. I get a access denied error. This happens whether i use the \\IP\Share or \\name\share. I know the user and password I am using works because I can access those shares from explorer on the same machine. I have also verified access on 1 other win 10 machine and a Win 7 machine as well as a ubuntu test bed I have.

I would think at this point it's a sonos issue, but I have spent 4 hrs on the phone on 2 separate occasions and they are no help.

Perhaps the Sonos client is using NTLMv1 for auth. Try setting the global auxiliary parameter ntlm auth = yes under "services" -> "smb".

If that doesn't work, post a debug file "system" -> "advanced" -> "save debug".
 

mguebert

Dabbler
Joined
Dec 30, 2015
Messages
17
I know I did some more searching after your fix worked, and it seems the the ntlm auth = yes parameter forces an insecure system. So given the fact that all of my machines could access the shares without that parameter set, points to Sonos not using the OS cifs parameters. Does that seem accurate, because I would like to report it to Sonos.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,545
I know I did some more searching after your fix worked, and it seems the the ntlm auth = yes parameter forces an insecure system. So given the fact that all of my machines could access the shares without that parameter set, points to Sonos not using the OS cifs parameters. Does that seem accurate, because I would like to report it to Sonos.

That most likely indicates that they're using an old version of samba. Cracking ntlmv1 is trivially simple, but it's danger on a home network is debatable. If they're going to spend $ on engineering, I want them to get freaking audible working again. :)
 

mguebert

Dabbler
Joined
Dec 30, 2015
Messages
17
So setting the minimum server protocol wouldn't work because the Sonos Client is using it's own outside the Win negotiated version?
 

mguebert

Dabbler
Joined
Dec 30, 2015
Messages
17
I spoke to Sonos and the tech indicated they are looking at fixing this in future versions of the App
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,545
So setting the minimum server protocol wouldn't work because the Sonos Client is using it's own outside the Win negotiated version?

You might want to check to see if there are updates available for your system. I believe NTLMv2 became the default in Kernel 3.10 (kernel cifs driver). Sonos website indicates they may use 2.6 kernel or 3.10 (unclear). I think what needs to happen on their end is to upgrade to a modern Linux kernel.
 

mguebert

Dabbler
Joined
Dec 30, 2015
Messages
17
I am on the latest 9.10 stable update. The SMB version is 4.5.5 git according to smbstatus. The tech at Sonos admitted they are using SMB 1.0 and they are looking at updating it.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,545
I am on the latest 9.10 stable update. The SMB version is 4.5.5 git according to smbstatus. The tech at Sonos admitted they are using SMB 1.0 and they are looking at updating it.

Samba version is something different from SMB version.
  • SMB1 (sometimes called NT1) basically is windows filesharing from before Server 2008 / Vista.
  • SMB2 = Vista / Windows 7
  • SMB3 = Windows 8+
NTLMv1, NTLMv2, etc. are used for authentication.

Samba 4.5.5 can speak all of the above without problems. The fact that Sonos is limited to SMB1 indicates that they are using an older linux kernel, which probably doesn't support SMB2 or NTLMv2 (though NTLMv2 can be done with NT1 sessions).
 

mguebert

Dabbler
Joined
Dec 30, 2015
Messages
17
Thanks for the clarification and all of the help. It has been a frustrating process, I suspected all along it was a Sonos issue, but they kept running me in circles trying things on the share and freenas level.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,545
Thanks for the clarification and all of the help. It has been a frustrating process, I suspected all along it was a Sonos issue, but they kept running me in circles trying things on the share and freenas level.
Well, the samba project put the hammer down on NTLMv1 with 4.5. Not everyone got the memo. :)
Sonos support has probably been getting lots of calls about this.
 

Mike77

Contributor
Joined
Nov 15, 2014
Messages
193
They just got one from me today, after a couple of e-mails. And the Tech Guy also told me the same. They had a course about SMB. They are using SMB1. They were looking at changing this in the future, but it's not goiing to happen next. They had a lot of calls by people with FreeNas machines. They couldn't help...

I've got a couple of different problems with my upgrade to FreeNas v.11. But after that I'll check if formentioned solution works. Thanks guys!!!
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,545
They just got one from me today, after a couple of e-mails. And the Tech Guy also told me the same. They had a course about SMB. They are using SMB1. They were looking at changing this in the future, but it's not goiing to happen next. They had a lot of calls by people with FreeNas machines. They couldn't help...

I've got a couple of different problems with my upgrade to FreeNas v.11. But after that I'll check if formentioned solution works. Thanks guys!!!

The problem actually isn't with SMB1, but rather with the authentication method it's using (NTLMv1). Linux kernels prior to 3.8 default to using NTLMv1. After 3.8 they use NLTMv2 hashing encapsulated in NTLMSSP messages (sec=ntlmssp). If Sonos is just using cifs-utils to mount the remote SMB shares, then I believe all they really need to do is alter the config so that the option "sec=ntlmssp" is added to the mount.cifs command. It's not exactly rocket science and shouldn't be that hard for their 'engineers' to figure out.
 

Mike77

Contributor
Joined
Nov 15, 2014
Messages
193
Just created a new dataset, with all options standard, owner: root, group: wheel, guest access. And now the music library does work. I really have no idea why.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,545
Just created a new dataset, with all options standard, owner: root, group: wheel, guest access. And now the music library does work. I really have no idea why.
It's possible (I haven't look closely at the auth code) that Samba cheats with "guest" access and completely bypasses the auth protocol negotiation thereby working around the NTLM issues.
 

Constantin

Vampire Pig
Joined
May 19, 2017
Messages
1,828
In the forums, Sonos tech support claims they're exploring various ways to fix the issue. No timeline given, so I wouldn't count on it getting addressed soon. Sonos' engineering time is currently likely 100% consumed with adding command dictation to their music line. Sonos announced this feature for release this year and the latest Apple Homekit music player likely just made their life even more difficult.

I happen to think that command dictation for a mere music player is almost 100% useless. At this point, Sonos may be better off looking for HomeKit integration since Apple only offers a speaker option (no Amps, though Homekit-compatible Amps are likely in the future.)

I've worked around the issue by putting my music collection on a disposable portable hard drive and attaching it to a Airport Extreme base station (which accepts SMB1 NTLMv1 connections). Works great for Sonos (albeit a little slower than the FreeNAS) and allowed me to raise the FreeNAS minimum connection protocol requirements to SMB3. While I was initially annoyed that I would now have two servers in the house, I noticed that the FreeNAS now gets to sleep a lot more. Net that likely saves power.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,545
In the forums, Sonos tech support claims they're exploring various ways to fix the issue. No timeline given, so I wouldn't count on it getting addressed soon. Sonos' engineering time is currently likely 100% consumed with adding command dictation to their music line. Sonos announced this feature for release this year and the latest Apple Homekit music player likely just made their life even more difficult.

I happen to think that command dictation for a mere music player is almost 100% useless. At this point, Sonos may be better off looking for HomeKit integration since Apple only offers a speaker option (no Amps, though Homekit-compatible Amps are likely in the future.)

I've worked around the issue by putting my music collection on a disposable portable hard drive and attaching it to a Airport Extreme base station (which accepts SMB1 NTLMv1 connections). Works great for Sonos (albeit a little slower than the FreeNAS) and allowed me to raise the FreeNAS minimum connection protocol requirements to SMB3. While I was initially annoyed that I would now have two servers in the house, I noticed that the FreeNAS now gets to sleep a lot more. Net that likely saves power.

One other option on FreeNAS might be to do the following:

  • Create two shares pointing to Sonos dataset
  • Share one - "guest allowed" and "guest only" checked. "hosts allow" configured to only allow access from your Sonos's IP address
  • Share two - "normal authentication.
  • Disable NTLMv1

It might work depending on whether Samba lets guest through before the server and client negotiate compatible authentication methods. This also depends on the Sonos network behavior. You'll have to look closely at what's going over the wire to see how precisely to configure it.
 
Last edited:

Mike77

Contributor
Joined
Nov 15, 2014
Messages
193
One other option on FreeNAS might be to do the following:

  • Create two shares pointing to Sonos dataset
  • Share one - "guest allowed" and "guest only" checked. "hosts allow" configured to only allow access from your Sonos's IP address
  • Share two - "normal authentication.
  • Disable NTLMv1

[EDIT] As I mentioned before, it was working again. But then I got a lot of problems with the system, and needed to reinstall. And since the clean install it doesn't work anymore (again). [/EDIT]

Thanks, I tried this, but I must be doing something wrong.

I setup two shares pointing to the same dataset containing the music.

1. (the share for the sonos system)
path: /mnt/nas/music
name: sonos
browsable to network cliënts: selected
allow guest access: selected
only allow guest access: selected
hosts allow: 192.168.2.12 (this is the IP of my sonos bridge)

2. (the normal share)
path: /mnt/nas/music
name: music
browsable to network cliënts: selected

But sadly it still won't connect.

How do I enable/disable SMB1 NTLMv1? And is this done on the share level, or should I look at the storage tab?
Are there settings I should change to setup the guest account? Because at the moment it points to "nobody"

By the way, might this be solved by upgrading to FreeNAS 11 ?
 
Last edited by a moderator:
Top