Sonos Access to Samba Shares

Support
1

Hi there,

this is just a feedback on SONOS. Sonos and Nethserver were working for me quite stable for approx. 3 month with the following setup:

  • a separate samba share called “music”
  • the owner group is called multimedia@mydomain.tld with read / write access
  • the group populated with different users inculding user “sonos@mydomain.tld”

Within Sonos Controller App (Windows or IOS), I connected the share as a NAS using user “sonos” and correspondig password. This worked very well.

After a recent update (either Sonos or Nethserver), Nethserver prohibited access and reported a login error. I was not able to recieve music from the share. After several trails and errors I found that

ntlm auth = yes

is now mandatory required within [global] section of /var/lib/machines/nsdc/etc/samba/smb.conf. I do not know if this is caused by SONOS or Nethserver updates.

Please let me know if you made similiar experineces recently.
By change does anybody know if ntlm auth = yes bears any risks?

I hope this helps other people to connect their Sonos Devices.
Best regards
Thorsten

References:

4 Likes
2

Well I’m facing the same problem. My Sonos system can no longer access my local share with mp3 files. Share configured to allow guest access…

Any suggestions as to what might be the root cause to this problem?

3

Maybe you can to adjust temporatry:

nano /var/lib/machines/nsdc/etc/samba/smb.conf

within [global] add

ntlm auth = yes

and restart the samba server

systemctl -M nsdc restart samba

1 Like
4

Hi there,
Thanx, I’ll test during the week and let you know the resutl.
Regards
/Mathias

5

Is possibile to have some informations about the security policy of the installation?
The complexity criteria for users password has been removed?

6

In this case, I used the default password policy from Nethserver.

grafik

Main user account passwords are usually 8-10 charakters, upper / lower case letters, digits and lower ansii charakters such as .!_-,$?. Any other account is much more complex, see screenshot of my favorite password safe / creator default settings:

grafik
grafik.png505×588 58.2 KB

1 Like
7

I can confirm that the solution proposed by @thorsten did the trick. Now I can access my folder with music files from Sonos. Thanx! :slight_smile:

Will this change survive the next update of Samba or Nethserver?

Regards
/Mathias

8

If the smb.conf file ends with something like include extra.conf…

You can put a global section in the extra and Samba will merge it in. If course you can put extra shares in an extra.conf

I am speaking from prior experience with a different Samba offering that had includes for customization. I am new to Nethserver and have not worked through enough of its pieces to speak from experience.

2 Likes
9

I am an absolute noob on nethserver config. Samba is definatly not my strength, either. Consequently

  1. I do not give any garantee that this works
  2. I may not held responsible for any security issues this might cause.

@stephdl: Can you please countercheck my output for correctness:

You may adjust
/etc/e-smith/templates/var/lib/machines/nsdc/etc/samba/smb.conf.include/10base

but I am not sure if this does survice a nethserver update. Maybe it is even better do add the file

/etc/e-smith/templates/var/lib/machines/nsdc/etc/samba/smb.conf.include/20custom

containing just:
ntlm auth = yes

Hope this helps.
Best regards
Thorsten

1 Like
10

[root@prometheus ~]# grep -srni ‘ntlm auth’ /etc/e-smith/

/etc/e-smith/templates/var/lib/machines/nsdc/etc/systemd/system/samba-provision.service/20service:22:    "--option=ntlm auth = yes" \
/etc/e-smith/templates/var/lib/machines/nsdc/etc/systemd/system/samba-provision.service/20service:38:        "--option=ntlm auth = yes" \

I do not know what you intend to do, the service is already set to start with your option, saying that your way to add a custom option is good
another way could be to make a custom template

/etc/e-smith/templates-custom/var/lib/machines/nsdc/etc/samba/smb.conf.include/10base

copy the old content and add yours

after that do not forget to expand the template in the two cases

signal-event nethserver-dc-save

11

Hi,
found this topic after googling.
I recently bought a Sonos, only after assuring it was able to play my local contant from a smb-share.
At first, the Sonos-app was not able to find my mp3’s on the share, but after manually adding
ntlm auth = yes
to /var/lib/machines/nsdc/etc/samba/smb.conf and restarting samba, it worked. (As suggested in posting 3 bij @thorsten.
But, to make sure this setting is persistent I have to do something with templates, to which I am new.
Posting 10 from @stephdl seems to suggest (to me) that no edit is needed, since this setting is already in a template (In my setup, it is in /etc/e-smith/templates/var/lib/machines/nsdc/etc/systemd/system/samba-provision.service/20service)
However, I had to manually add it at first.
So, do I have to do anything to make this setting stick? Or am I fine?
Instructions seem to contradict evidence…
Please enlighten me… (<< “Help”)

12

oops… I am a little late
I just modified the file as mentioned above and restarted it many times in the meantime without any problem.
Keep in mind that I have not made any changes to the AD anymore.

In the meantime Sonos has released Sonos S2 that still hasn’t solved the problem with the right pissing off of the various customers…

13

I’m necroposting to report that since the latest update/firmware (v.13.4.1) of the Sonos S2 app, it appears SMBv2 and SMBv3 are supported.

Obviously I haven’t tried :slight_smile:

https://support.sonos.com/s/article/3521

14

Such early adopters!

1 Like
15

I use the passwordgenerator from KeepassXC:

afbeelding
afbeelding1130×898 72.1 KB