ROCK on NUC - Network file sharing a security risk?

Actually I’m going to reply to myself here, I think I have proof SMB1 is not required, bear with me…

My ROCK install is running on a NUC 8i3

My Roon Remote is running Windows 10 22H2. Windows is configured thus;

SMB1 not installed:

Insecure Guest Authentication disabled:

And with this configuration I CANNOT connect to \\ROCK\DATA as expected:

However, if I just change the insecure guest authentication registry key to 1:

Now I CAN access \\ROCK\DATA from Windows 10 with no SMB1 installed:

I’d be interested if anyone else has the same result!
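The three things the post above checks by hand (SMB1 feature, insecure guest auth, and the dialect actually negotiated) can be read in one pass on the Windows client. This is an added example, not part of the original post; the registry paths are the standard LanmanWorkstation locations, and `ROCK` / `Data` are the server and share names used in this thread.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# 'ROCK' and 'Data' are the names used in the thread; change them for your host.
param([string]$Server = 'ROCK', [string]$Share = 'Data')

# 1. Is the SMB1 client/server optional feature installed?
$smb1 = (Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol).State

# 2. Is insecure guest logon allowed? A Group Policy value overrides the local one.
$paths = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation',
    'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
)
$regValues = foreach ($p in $paths) {
    $item = Get-ItemProperty -Path $p -Name AllowInsecureGuestAuth -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        [pscustomobject]@{ Path = $p; AllowInsecureGuestAuth = $item.AllowInsecureGuestAuth }
    }
}
# Effective setting as the SMB client itself reports it
$guestAllowed = (Get-SmbClientConfiguration).EnableInsecureGuestLogons

# 3. Touch the share so a session exists, then read what was negotiated.
$reachable = Test-Path "\\$Server\$Share"
$conns = Get-SmbConnection -ServerName $Server -ErrorAction SilentlyContinue |
    Select-Object ShareName, UserName, Dialect, Signed, Encrypted

# Summary: one object for the client state, then one row per live connection.
[pscustomobject]@{
    SMB1Feature          = $smb1
    InsecureGuestAllowed = $guestAllowed
    RegistryValues       = ($regValues | ForEach-Object { "$($_.Path)=$($_.AllowInsecureGuestAuth)" }) -join '; '
    ShareReachable       = $reachable
} | Format-List

if ($conns) {
    $conns | Format-Table -AutoSize
    # A dialect of 2.x or 3.x with SMB1Feature not Enabled means SMB1 was not needed.
    if ($guestAllowed) {
        Write-Warning "Guest logons are enabled: connections to \\$Server may be unauthenticated."
    }
} else {
    Write-Output "No live SMB connection to $Server (blocked, or share not reachable)."
}
```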

Isn’t enabling that worse than SMB1?

I don’t think so, it allows outgoing connections to SMB shares to send an empty password. But I agree it is not ideal for sure. That is why I use my NAS mount method, to prevent it being necessary at all.

EDIT: Also I am 99% sure SMB1 enables this setting by default which is probably why it makes things work when it is installed!

EDIT: Yes it does, from the link I posted above

1 Like

It also means unencrypted transfers and possibly other side effects. I don’t know how ROCK works, but you should be able to set security on its shares.

You can’t, unfortunately. Perhaps this would be a better thing to implement in Roon OS 2.0 ??

So I had simply assumed if someone went on a rant that SMB1 is the only supported protocol and how bad that is, that this would actually be the case, but your insightful post made me check. This is my MacBook having mounted the ROCK share, by default settings:

mario@chronic ~ % mount
/dev/disk3s1s1 on / (apfs, sealed, local, read-only, journaled)
[…]
//GUEST:@rock/Data on /Volumes/Data (smbfs, nodev, nosuid, noowners, mounted by mario)
mario@chronic ~ % ls /Volumes/Data
Codecs RAATServer Reinstall RoonOS Storage
MachineSettings README.txt RoonGoer RoonServer
mario@chronic ~ % smbutil statshares -m /Volumes/Data/|grep VERSION|awk '{print $2}'

SMB_2.002
mario@chronic ~ %

I apologize for not having checked before arguing myself.

1 Like

Thinking of it, my QNAP has smb1 disabled and connects ok, my Windows 11 does and smb 1 isn’t enabled. Yet on my Ubuntu I can only connect via smb1, tried every other way and it would not mount. So perhaps there are some compatibility issues?

Indeed, it would appear that Roon OS is already using SMB v3.

My Windows 11 PC does not have SMB v1 enabled, but uses SMB v3, and is able to see (and write to) Roon OS file shares with no problem…

Roon 2191

Addendum: and I don’t have the parameter AllowInsecureGuestAuth in the registry at all. I use Windows Local Accounts, and have secure access to fileshares on my Windows PC.

2 Likes

I guess it’s the insecure guest auth? If that is enabled then SMB 1 is not required. But if you enabled SMB1 then insecure guest auth is enabled by default.

Ubuntu runs Samba, Rock runs Samba, seems very unlikely that it’s that.

I think it’s whether or not the SMB or samba service also supports the insecure guest auth.

My NAS (Synology) is not using SMB1 but will still connect to ROCK, so it must therefore implement insecure guest. But if it didn’t it would not work at all.

1 Like

Version conflict was what I meant. I can mount via the Ubuntu desktop no issues. But setting it to mount auto via fstab it would not do it without being set to use smb1.

Makes sense, I have had apps on my phone that won’t connect to it and some that do. So I think you’re right that it’s down to it not having a non-guest username and some support that others don’t.

Coming to think of it, I ran Ubuntu until December, how quickly we forget. :rofl: I only ever mounted ROCK in the Nautilus file manager and it connected fine. Ubuntu should try the highest version possible, but I never checked the version and no idea what it negotiated eventually. Now I have Ubuntu in a Parallels VM on the Mac and I tried now, but from within the VM the ROCK gets mounted via prl_fs (Parallels FS), so samba does not get actually involved and so there is no version to check.

2 Likes

Given the take up of Windows 11 that leaves a looong window of availability for home users. I’m still on 10 as I don’t have a TPM chip.

Also most people don’t run roon on their work kit.
None of my work laptops from a proper enterprise class environment would let me install it never mind allow the connectivity.

1 Like

Hot off the press … it’s been demonstrated that Roon OS is not dependent on SMB1 … but Insecure Guest Authentication still needs to be enabled.

1 Like

Er, @Carl - I don’t have this parameter in my Windows 11 PC at all, I’m using SMB v3 and access my ROCK/NUC without a problem…

the parameter AllowInsecureGuestAuth in the registry

I had to add this on a modern Windows Server OS (2022), not on Windows 10/11

I use a combination of NUC10i5 with Roon 1.8 Legacy with Synology NAS. I just checked that the SMB was configured with maximum SMB3 and minimum SMB2. I have not tried setting the minimum to SMB3 (i.e. forcing it to run SMB3 exclusively). But it runs fine. So I guess at the minimum ROON supports SMB2.

This is what “smbutil statshares -a” shows on a Mac when connecting to ROCK

SMB 2.002 is used for connections to ROCK. So no “SMB 1 only”, as has been pointed out before by other people already. SMB 3 would be nice to have in the future though.

The real security risk is definitely the guest access. More security using proper login credentials to ROCK (both Web interface and SMB access) has been on the wishlist for RoonOS 2.0 for a long time and should definitely be delivered by ROON to meet reasonable security standards.
Accompanied by a (default) option to not use login credentials, the choice is with the user and everybody will be happy.

2 Likes