Did Naim remove SMBv1 Support in a recent Firmware update?

Hi

I posted another thread relating to this (unable to access music folders on USB drive attached to UnitiStar) but some troubleshooting with Sonos customer support now means I need to ask a very specific question so I hope it’s ok to start a new thread.

So, as per the title - did Naim remove SMBv1 Support in a recent Firmware update?

Sonos are advising the errors they see in my diagnostic report call a failure to connect via SMBv1.

If it has been removed, is it possible to downgrade to a Firmware release that still has this enabled?

@Stevesky - I wondered if you would be able to comment on this as I saw another thread where you have previously mentioned it was still supported. Has that changed?

Many thanks in advance for your help. This is an issue for me as Sonos is used regularly in the house, by the whole family, to access those music folders.

Damian

Have you asked Naim directly? I would suggest getting in touch with Naim tech support either by phone or email.

Naim uses Samba in its Linux-based products. I think SMB1 is disabled by default in recent Samba releases, but only Naim can say what they have actually done in recent firmware releases for Star etc.
Best

David

Thanks guys, I’ve now raised the issue directly with Naim support (for some mistaken reason I had the feeling the forums were effectively the route to Naim support - so thanks for pointing me in the right direction).

Will be interested to hear what Naim say, Damian. I raised a question with Naim support after the recent firmware update as I suddenly discovered I was no longer able to copy files from a Windows laptop to my Core over my network. Their reply is attached, and suggests my laptop is to blame. To be honest, I have been too busy to look at this problem again after getting Duncan’s email. But perhaps our issues are related in some way?

I will let you know what I find out, Keith :)

In fact the Unitiserve/HDX need SMB1 to be enabled in the PC, but the UnitiCore is happy with any version of SMB. The biggest security concern is with SMB1, but it would be enough to enable SMB2 or SMB3 to allow the Core to talk to a Windows PC.

Best

David

Hi,
SMBv1 was disabled as it is a known security risk for ransomware attacks.

“Microsoft has advised customers to stop using SMBv1 because it is extremely vulnerable and full of known exploits. WannaCry, a well-known ransomware attack, exploited vulnerabilities in the SMBv1 protocol to infect other systems. Because of the security risks, support for SMBv1 has been disabled.”

Some additional info.

Yes that’s all very well.

But if you have a legacy product that needs SMB1 then you have to use it. Microsoft has never issued an update for Windows XP Embedded (used by US/HDX), so those owners have to use SMB1.

Best
David

Or get a newer server.

Yes, unfortunately you have no choice but to use SMB1 then.

This was one issue at the heart of the recent failure by Sonos to maintain legacy devices: SMB1 is deprecated (and in many / most systems can no longer be activated for the security reasons cited by others - eg UPnP servers running on Synology NAS cannot be reached via SMB1) but Sonos did not update their older models to connect over SMB2 (or 3), thus rendering them inoperable. I think only Naim can tell you if they allow an override, but if you don’t see it in settings from the server side, it seems unlikely.

As an aside, my old Sonos gained a second life since it can still connect via the Roon RAAT protocol (but cannot see any UPnP server that disables SMB1)… something to consider if you have significant investment in older Sonos hardware.

Regards alan

Edit: just saw in your other thread that you have Roon working already … sorry for wasting your time!

Hi Alan

My Sonos is all V2 compliant at this point - but yes, I can play to Sonos via Roon (but my wife would not be happy at being forced to do that - she doesn’t use Roon).

So Naim have told me that SMBv1 should still be working fine on the UnitiStar. Sonos are now ‘stuck’ - they don’t know what else to suggest.

Literally the UnitiStar is the only network media device that the Sonos App can’t connect to. Likewise, every other device / software I have can connect fine to the UnitiStar.

Asking Naim for further help. Considering a possible firmware downgrade. It’s unlikely I guess, but could a SW bug in a recent FW upgrade cause this (a regression bug), or could there even be some corruption (again seems unlikely as Star is working fine otherwise)?

There is clearly some kind of network handshaking issue between the Sonos App and the UnitiStar.
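One way to check which SMB version each side of such a failing connection is actually speaking is to classify the negotiate messages in a packet capture of port 445. This is an added example, not part of the original thread: the function and helper names are hypothetical, and the three sample frames are constructed here rather than captured from any Naim or Sonos device.

```python
import struct

SMB2_DIALECTS = {0x0202: "SMB 2.0.2", 0x0210: "SMB 2.1", 0x0300: "SMB 3.0",
                 0x0302: "SMB 3.0.2", 0x0311: "SMB 3.1.1"}

def classify_negotiate(frame: bytes) -> dict:
    """Classify one TCP/445 payload: 4-byte transport header + SMB message."""
    if len(frame) < 8 or frame[0] != 0x00:
        raise ValueError("not a direct-TCP SMB session message")
    msg = frame[4:4 + int.from_bytes(frame[1:4], "big")]
    if msg[:4] == b"\xffSMB":                    # SMB1: 32-byte header
        if len(msg) < 35 or msg[4] != 0x72:      # 0x72 = SMB_COM_NEGOTIATE
            return {"protocol": "SMB1", "kind": "other"}
        if msg[9] & 0x80:                        # Flags bit 7 set: server reply
            return {"protocol": "SMB1", "kind": "negotiate-response"}
        # Request body: WordCount=0, ByteCount, then 0x02 + NUL-terminated names
        byte_count = struct.unpack_from("<H", msg, 33)[0]
        names = msg[35:35 + byte_count].split(b"\x00")
        offered = [n[1:].decode("ascii", "replace") for n in names if n[:1] == b"\x02"]
        return {"protocol": "SMB1", "kind": "negotiate-request", "offered": offered,
                "smb1_only": not any(d.startswith("SMB 2") for d in offered)}
    if msg[:4] == b"\xfeSMB":                    # SMB2/3: 64-byte header
        if len(msg) < 70:
            return {"protocol": "SMB2+", "kind": "other"}
        command, _credit, flags = struct.unpack_from("<HHI", msg, 12)
        if command != 0 or not flags & 1:        # NEGOTIATE, server-to-client
            return {"protocol": "SMB2+", "kind": "other"}
        dialect = struct.unpack_from("<H", msg, 68)[0]   # DialectRevision field
        return {"protocol": "SMB2+", "kind": "negotiate-response",
                "dialect": SMB2_DIALECTS.get(dialect, hex(dialect))}
    raise ValueError("no SMB magic found")

def frame(msg: bytes) -> bytes:                  # add the 4-byte transport header
    return b"\x00" + len(msg).to_bytes(3, "big") + msg

def smb1_request(dialects) -> bytes:             # constructed SMB1 negotiate request
    data = b"".join(b"\x02" + d.encode() + b"\x00" for d in dialects)
    return frame(b"\xffSMB\x72" + bytes(27) + b"\x00" + struct.pack("<H", len(data)) + data)

def smb2_response(dialect: int) -> bytes:        # constructed SMB2 negotiate response
    header = b"\xfeSMB" + struct.pack("<HHIHHI", 64, 0, 0, 0, 1, 1) + bytes(44)
    return frame(header + struct.pack("<HHH", 65, 1, dialect))

# Constructed samples: an SMB1-only client, a multi-protocol client, an SMB3 server
LEGACY_CLIENT = smb1_request(["NT LM 0.12"])
MODERN_CLIENT = smb1_request(["NT LM 0.12", "SMB 2.002", "SMB 2.???"])
SERVER_REPLY = smb2_response(0x0311)
```

A client whose request comes back with `smb1_only` set cannot complete the negotiation with a server whose minimum protocol is SMB2 or later.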

I suspect SMB is not the issue here, or at least, not all of it. I believe Sonos have never been fully compliant with UPnP/DLNA so I’m not sure if their stuff will ever be guaranteed to work reliably as such.
Innuos have a setup procedure on their servers specifically to configure them to work with Sonos devices, completely separate from the UPnP settings, which perhaps shows that expecting them to work as such is a bit optimistic.

It’s not ideal, for sure… and I’m not sure but Chris may be right about “special” expectations from Sonos for UPnP but in my system, the Sonos lost ability to see my UPnP servers (various but none Naim) at the exact moment when SMB1 connectivity was cancelled.

I went ahead and did a thing I’ve been thinking about for a while: I copied a half dozen albums to a USB key and mounted on my Nova. I enabled Server mode (which I expect should be exactly the same as Server mode on your Star). I can see it on the Nova, but not on the Sonos. I updated the Sonos app and firmware, and ensured “show UPnP servers” was enabled. No joy.

This might be something worth joining the Naim Beta team to explore. I don’t think there is much active development on the UPnP server front at the moment, but that group is for more than just bug fixes. It’s a great place to be, and you get a direct line to the development team when they are working on something of interest to you.

Alternatively, perhaps you could also set up a UPnP server on, eg, a Windows or other machine where you can definitely configure SMB1 connections. That way, you’d have a chance to get support from Sonos. Duplicating your library is easy and useful, but you can also (probably) just point the new server at your existing library to get started.

Best wishes, totally understand the importance of user experience in choosing your app: if your wife does not prefer Roon, you need to keep debugging!

Regards alan

I do agree, one doesn’t in a regular home network want to be using an application that uses SMBv1. I hope Naim are working to upgrade it, if indeed it is still required by Naim. Almost no commercial organization would pass a government cyber IT health check assessment if it had connected devices with SMBv1.

A link from a reputable Cyber security company I work with.

Remember if you are connected to a public network, you must assume you will sooner or later be exposed to a malicious attack where vulnerabilities will be explored. These days perimeter firewalls (traditional firewalls) are simply friction points rather than barriers, security protection is about removing vulnerabilities and about user authentication… user authentication might be disproportionate for a small family on a low risk home network, but removing vulnerabilities definitely not.

@Richard.Dane it might be, given the serious implications of SMBv1, worth asking Naim for a response on this forum? If they no longer use it, then the issue becomes irrelevant in the context of Naim which I am sure would provide peace of mind for many Naim customers.

It’s only the Unitiserve and HDX that need SMB1 @Simon-in-Suffolk and Microsoft never released an update to Windows XP Embedded to provide SMB2 or 3, so there is nothing that Naim can do realistically.
Best

David

David, to me that is even more concerning. Windows XP Embedded ended extended support back on 12 January 2016… therefore there has been I believe no vulnerability support or update since that time apart from a few extreme risk security vulnerability patches provided by MS outside of lifecycle support and therefore potentially high risk.
I do feel for Naim, but it must have been identified as a risk in the product development strategy that a need to migrate to later embedded systems will be required to maintain customer security and safety as per these systems product life cycles. That doesn’t help the consumer unfortunately who inadvertently may be supporting a danger to themselves, their family or others using these systems on their home networks. Of course if Naim have hardened these devices that would mitigate this to some extent, but that would require a degree of specialism and likely security updates from Naim… surely a distraction to their core business.

The use of CoTS software provides many benefits such as reduced development costs, reduced time to market, but with it comes the cost of life cycles that you are not in control of as you have here and therefore obsolescence that you are not in control of.

Get real Simon! The HDX and Unitiserve are long gone. Naim aren’t going to be re-engineering them around another operating system. Nor should we expect it!

Best

David

David, are you sure they are not still used? Believe me chap, I am very real in this regard, it’s a key part of my living… which I delicately hinted at in an earlier post.
And yes it is in my, and many other professionals’ opinions, grossly irresponsible to use such vulnerable systems without providing a consumer warning.
You must expect this!! Grossly negligent to do otherwise. Criminals take advantage of your implied complacency.

My point to Richard which you responded to, it is better to hear from Naim rather than potentially a brand damaging event and the bad PR that would bring.