Unable to access share from Sonos controller

[anodos]

[EDIT] As I mentioned before, it was working again. But then I got a lot of problems with the system, and needed to reinstall. And since the clean install it doesn't work anymore (again). [/EDIT]

Thanks, I tried this, but I must be doing something wrong.

I setup two shares pointing to the same dataset containing the music.

1. (the share for the sonos system)
path: /mnt/nas/music
name: sonos
browsable to network cliënts: selected
allow guest access: selected
only allow guest access: selected
hosts allow: 192.168.2.12 (this is the IP of my sonos bridge)

2. (the normal share)
path: /mnt/nas/music
name: music
browsable to network cliënts: selected

But sadly it still wo'nt connect.

How do I enable/disable SMB1 NTLMv1? And is this done on the share level, or should I look at the storage tab?
Are there settings I should change to setup the guest account? Because at the moment it points to "nobody"

By the way, might this be solved by upgrading to FreeNas 11 ?

In FreeNAS 9.10.2-U5, you can add the "auxiliary parameter" ntlm auth = yes under services->smb. In FreeNAS 11 there's a checkbox that does that for you.

 

[Mike77]

I just added the ntlm auth = yes and rebooted the system. The strange thing is that the new sonos share still doesn't work. But now sonos can connect to the normal music share using the old username and password. Any idea's why?

 

[anodos]

I just added the ntlm auth = yes and rebooted the system. The strange thing is that the new sonos share still doesn't work. But now sonos can connect to the normal music share using the old username and password. Any idea's why?

You'd have to look carefully at the logs to see why. I'm not familiar enough with the application to know what it's doing / how it's accessing the server. If you're interested in pursuing this you can use tcpdump on the FreeNAS server to do a packet capture and increase samba logging then review the data you gather.

 

[Constantin]

How do I enable/disable SMB1 NTLMv1? And is this done on the share level, or should I look at the storage tab?

It is not done at the share level, which is why I so intensely dislike enabling it. SMB negotiation (and by extension security) is set in the Services/SMB tab, so select Services from the left hand menu then scroll down and select SMB to trigger a pop-up window. Scroll down the pop-up to minimum SMB protocol drop-down menu. That's where you can downgrade the minimum allowable protocol to NT1. On top of that you'll also have to enable the "NTLMv1 auth" check box for Sonos to connect to a server.

This is what worked for me until I hooked up my disposable HD just for Sonos and tightened up SMB security on the FreeNAS again.

By the way, might this be solved by upgrading to FreeNas 11 ?

Upgrading will likely have the opposite effect. FreeNAS 9.10 and up have NTLM v1 and SMB1 turned off by default. For all I know, you may even have to re-enable your security downgrades after upgrading the FreeNAS server software.

 

[anodos]

It is not done at the share level, which is why I so intensely dislike enabling it. SMB negotiation (and by extension security) is set in the Services/SMB tab, so select Services from the left hand menu then scroll down and select SMB to trigger a pop-up window. Scroll down the pop-up to minimum SMB protocol drop-down menu. That's where you can downgrade the minimum allowable protocol to NT1. On top of that you'll also have to enable the "NTLMv1 auth" check box for Sonos to connect to a server.

This is what worked for me until I hooked up my disposable HD just for Sonos and tightened up SMB security on the FreeNAS again.


Upgrading will likely have the opposite effect. FreeNAS 9.10 and up have NTLM v1 and SMB1 turned off by default. For all I know, you may even have to re-enable your security downgrades after upgrading the FreeNAS server software.

SMB1 is permitted by default in FreeNAS 11. NTLMv1 is not.

 

[Mike77]

It's working at the moment. But I haven't upgraded yet to V11. So seeing that I have a couple of Sonos players. I'll wait for Sonos to get their act together (this goiing to be a long wait). I think it's kind of sad that Sonos let their product slip this much. They should actually upgrade their software and just accept that they sell speakers. It would be nice if they would be accessible for all systems (let everything stream to the speakers, and give open access to all other media machines) and now jst focused on their software.

 

[Constantin]

Based on what I have read, Sonos sees streaming as their future and just spent a ton of engineering and treasure enabling their voice-activation.

Allegedly, a whole bunch of their traditional network engineers were let go. That may explain why something as "simple" as a updated SMB network stack has yet to happen despite Microsofts removal of SMB1 support in Windows 10, available software tools to make the transition, etc.

Sonos claims that they currently don't nor that they have any plans to earn money from streaming. However, the focus on expanding streaming support at the expense of the folk who use in-home storage suggests otherwise.

My read on the landscape is that streaming is much easier to monetize than stored content. There are all sorts of ways to monetize a stream that are invisible to the consumer, from agreements re: sharing ad revenue to placement fees (i.e. 'feature' a stream, put it at the top of a index list, etc.)

Because the fundamentals are being ignored in the quest for shiny new objects, I fear that Sonos will not survive. Stuff is going to start breaking all over, the SMB issue is just one symptom. Good news is that the Sonos resale market is *currently* good and that there are competitors on the market like Bluesound with SMB3 support.

 

[MindBender]

I'm sorry to revive this old topic guys: I have had this problem, worked around it by enabling ntlm auth = yes, but now it has reoccurred.

It's probably due to my 'recent' FreeNAS 11 update a few months ago, and my very infrequent use of my Sonos systems, that I'm only noticing now.

Now I did notice that FreeNAS v11 SBM has an 'NTLMv1 auth' checkbox, but I don't think that means auxiliary parameter ntlm auth is actively filtered out, so I figure either should work. However, neither allows me connect my Sonos.

The cryptic error Sonos produces is the same for proper and bogus credentials, but different from the one produced with a bogus hostname, so I figure it is again an authentication problem.

Does anybody here have the same problem? And perhaps a solution? I have posted on the Sonos forum as well, as I have done before (https://en.community.sonos.com/trou...enied-to-nas-6768673/index1.html#post16281366).

 

[anodos]

I'm sorry to revive this old topic guys: I have had this problem, worked around it by enabling ntlm auth = yes, but now it has reoccurred.

It's probably due to my 'recent' FreeNAS 11 update a few months ago, and my very infrequent use of my Sonos systems, that I'm only noticing now.

Now I did notice that FreeNAS v11 SBM has an 'NTLMv1 auth' checkbox, but I don't think that means auxiliary parameter ntlm auth is actively filtered out, so I figure either should work. However, neither allows me connect my Sonos.

The cryptic error Sonos produces is the same for proper and bogus credentials, but different from the one produced with a bogus hostname, so I figure it is again an authentication problem.

Does anybody here have the same problem? And perhaps a solution? I have posted on the Sonos forum as well, as I have done before (https://en.community.sonos.com/trou...enied-to-nas-6768673/index1.html#post16281366).

Try adding the auxiliary parameter server min protocol=NT1 to Services->SMB.

 

[MindBender]

Try adding the auxiliary parameter server min protocol=NT1 to Services->SMB.

That's it! Thanks lot! I'm playing music from happiness now ;-)

 

[JohnR21]

Evening, I think it's my turn to refresh this thread. I've tried all the advice offered across these two pages and set the Aux Parameter on my SMB share, to both

ntlm auth = yes
server min protocl=NT1

...and still no joy.

I'm just wondering what network path i should be entering into the SONOS controller settings.

My share is /mnt/mediashare/mymedia/

So should it be \\ip_address\mediashare\mymedia

...and then \music which is where all my files are stored even though through Windows Explorer the network path to the folder is

\\ip_address\mymedia\music

Any help is greatly appreciated

Thank you

 

[hakayova]

I would like to revive this topic as well. I am currently using the latest version of TrueNAS Core (i.e. TrueNAS-12.0-U1.1). I can get to my smb shares via my linux workstation without any difficulty. ACLs seem to work flawlessly on that end as well. However, I cannot get access to the same shares via Sonos or Kodi. Let's tackle them one by one:

• Sonos: I enabled both SMB1 support and NTLMv1 Auth in smb service settings of TrueNAS core from the web interface. I restarted the smb service. Sonos still gives me a "unable to add the music share (1002) error. I searched Sonos documentation a little bit which states that certain ports should be open for music library to work (see here). I could not see an /etc/pf.conf on my TrueNAS core. I am wondering 1. if opening these ports should be truly necessary, 2. it would be easy to test if I know where to look. Any idea how to modify firewall settings in TrueNAS core?
• Kodi: My TrueNAS server is listed under zeroconf server list in Kodi; however, clicking to follow does not lead to any response, as opposed to clicking other ones listed would take me to their shares. Clicking smb shares is also useless, because none of smb shares are listed there. I tried adding the information manually like "\\server\share\folder" along with the username and password, but it gives me a connection refused error, despite all of the information is being accurate and triple-checked.
• After posting all this, I checked /var/log/messages only to see this message repeatedly posting every 5 seconds: ``Jan 16 13:46:34 myserver kernel: pid 26951 (smbd), jid 0, uid 0: exited on signal`` This may indeed be the underlying problem. How can I troubleshoot?

Any pointers will be greatly appreciated.

 

[Constantin]

First, I'd try to connect from your home computer via SMB with the credentials you expect to use with the Sonos and Kodi Controller, respectively. Usually, a OS will give better feedback than a Kodi / Sonos controller in case there is something wrong. If successful, dumb down the computers SMB mode to SMB1 / NTLM v.1 and see if it still can connect. See here for the info on how to do it on Windows machines.

1002 could be something as simple as a permissions issue.

However, dumbing down an entire True/FreeNAS server to SMB1 / NTLM v1 is a really bad idea. SMB1 NTLM v1 has been fully deprecated by MS since 2014 and was replaced by SMB2 in in 2007. It's known to be buggy and vulnerable. The whole point of FreeNAS is data integrity and unless your network is an air-gapped system, I wouldn't allow SMB1 on my FreeNAS. Remember, you cannot limit just a share to SMB1 with the GUI.

Instead, I use a burner NAS (Raspberry Pi + HDD) just for Sonos. Before I swore off any more Sonos updates thanks to its intended bricking of CR100 controllers, I was disappointed how many years Sonos devoted to adding streaming features and channels while 100% neglecting the NAS side of the controller. SMB2+ had been requested for years, even Ned Pyle at MS offered to help implement it, and the managers at Sonos had other priorities.

Speaking of Sonos, If you value your privacy, I'd also block all the chatter back to the mothership re: your listening habits (hundreds of attempts per zone player per day). Only one address at Sonos has to stay live to enjoy the radio, the rest can all be blocked permanently (sslvalidator.sonos.com, IIRC). Pi-Holes are great for this task, even if I also do it at the Firewall (belts and suspenders).

Another option might be a jail that gets a dedicated ethernet port and so on. That may be sufficiently safe to isolate the issues associated with SMB1 from affecting the rest of the server. Not sure how I'd set it up but imagine it's not too different from all the steps needed to get Win10 or Ubuntu installed, etc.

 

[hakayova]

Thank you for your reply @Constantin! I really appreciate it.

This is what I did so far: I disabled SMB1 and NTLMv.1. I had enabled them due to some forum posts that recommended enabling them for Sonos access at the first place. Anyway, my linux workstation has no problem in accessing the smb share with these settings enabled or disabled, without any error messages. The windows workstation can access the share with those settings disabled flawlessly, however cannot access it when those are enabled again. Sonos and Kodi cannot access the share no matter what.

• Sonos: Gives different error messages based on the scenario. Curiously I cannot get the 1002 error anymore.
  • Only SMB1 enabled: "Access to share is denied. Please check username/password"
  • Both enabled: The message is now different than before, it reads "There is no share on computer myserver"
  • Disabled: "Unable to add \\myserver\media\Music to your library (900)"
• Kodi: Cannot see any smb share on the network, although there are a few. Manual settings would not work in any SMB1/NTLMv.1 combination. It cannot see the nfs share either. However, when the settings (IP of TrueNAS) manually entered, it will show the share as a folder: /mnt/pool0/media. However, this cannot be accessed by double clicking. After fiddling with this a while, I checked /var/log/messages in TrueNAS and saw the following (redacted):

Code:

Jan 16 18:46:53 myserver kernel: pid 37017 (smbd), jid 0, uid 0: exited on signal6
Jan 16 19:23:44 myserver 1 2021-01-16T19:23:44.392400-06:00 myserver.mydomain mountd 37943 - - can't open /etc/zfs/exports
Jan 16 19:23:44 myserver nfsd: can't register svc name
Jan 16 19:29:13 myserver 1 2021-01-16T19:29:13.015782-06:00 myserver.mydomain mountd 37944 - - can't open /etc/zfs/exports
Jan 16 19:29:14 myserver 1 2021-01-16T19:29:14.208308-06:00 myserver.mydomain mountd 38177 - - can't open /etc/zfs/exports
Jan 16 19:29:14 myserver nfsd: can't register svc name
Jan 16 19:31:36 myserver 1 2021-01-16T19:31:36.475058-06:00 myserver.mydomain mountd 38178 - - mount request from 192.168.1.128 for non existent path <A0>
<F7>
Jan 16 19:31:36 myserver 1 2021-01-16T19:31:36.475081-

There is no exports file in /etc/zfs directory.

I do have a Synology NAS which is almost full and I built the TrueNAS system to replace it. It still works flawlessly with both Sonos and Kodi. Both systems have no problem in accessing it with appropriate credentials. I guess TrueNAS still has some improvements to work on.

 

[Constantin]

Unfortunately, all I can tell you is that enabling SMB1, NTLM v1 is required for Sonos. Have you tried the search function here and contacted users who were successful?

It’s odd that your computer has no issues using the same credentials. I’m also not aware how easily one can or cannot dumb down a Linux CPU to limit its SMB protocol to SMB v1. Sorry!

 

[hakayova]

Unfortunately, all I can tell you is that enabling SMB1, NTLM v1 is required for Sonos. Have you tried the search function here and contacted users who were successful?

This is a good idea and I will try it. Thank you!

For the streaming versus NAS development on Sonos part, while the latter does not have much incentive to improve, the former probably kept generating lucrative partnerships and that is how business decisions are made. Sigh...

It’s odd that your computer has no issues using the same credentials...

Indeed. In my experience, non-commercial software tends to stick with standards more reliably than the commercial ones; that may be a reason.

I never mentioned about this in my previous post but I do have a pihole set up that effectively blocks Sonos calling home feature, which is always on the higher part of the blocked list. Thank you for mentioning this too.

On a positive note, I was able to get the NFS share work with Kodi after a little fiddling. I believe I was a little unfair to TrueNAS with the last statement in my previous post. It probably is not the party to blame for the incompatibility between itself and Sonos. I for one should know that better user control always comes with more complicated settings, which are welcome. Thank you so much for sharing you experience and troubleshooting efforts with me!

 

[hakayova]

An smb fix provided by @anodos solved the issue. Unfortunately, I had to enable both smb1 and NTLM v1 auth to make it work. I wish there were an open source speaker system as an alternative to Sonos.

 

[Constantin]

The CR100 is what made the difference for me. A child proof controller that anyone with a knowledge of iPod could use. Searches can be clunky but the thing works.

biggest concern going forward is the flash memory dying on me. Don’t think that can be repaired easily without requiring a new pairing, which is death to my system since I want to stick to 7.3 and Sonos doesn’t allow users to choose their firmware.

 

[Constantin]

An smb fix provided by @anodos solved the issue....I wish there were an open source speaker system as an alternative to Sonos.

Great to hear it got fixed. @anodos is amazing and I owe him a test report re SMB Time Machine that I still have not tried out. Sorry!!

as for open source alternatives, comes down to how involved you want to get. For example, you could consider a combination of Hi-Fi Berry and RPI to be the source and any old class D amplifier to bring on the noise.

I use one such combination to stream via Bluetooth from my phone - podcasts, music, etc. They even offer versions with digital output in case you want to eliminate all losses right to the amp sitting on the speaker with a DAC. I just opted for the analog RCA version.

 

[hakayova]

...
as for open source alternatives, comes down to how involved you want to get. For example, you could consider a combination of Hi-Fi Berry and RPI to be the source and any old class D amplifier to bring on the noise.

I use one such combination to stream via Bluetooth from my phone - podcasts, music, etc. They even offer versions with digital output in case you want to eliminate all losses right to the amp sitting on the speaker with a DAC. I just opted for the analog RCA version.

Wow, this was such an eye opener for me. I haven't heard about Hi-Fi Berry project before, what a great idea! Thank you so much for sharing it. This is something that I would definitely read about more and build on. Sooner or later, I expect Sonos to fail me somehow; either by firmware updates or some other commercial means. I am not sure their business model is sustainable to be honest unless they do that kind of hanky panky.