 |
|
| |
| Introduction
| |
Windows File Sharing lets you map your VPS as a network drive on your own computer — it appears
in Windows Explorer or the macOS Finder like a local disk, and you drag files to and from it. The feature
is provided by Samba, the Unix
implementation of the SMB protocol that Windows uses for file sharing. Samba is available on both
FreeBSD 15 and Rocky Linux 10; this page covers installing it, sharing a directory, and
— importantly — turning on SMB3 encryption so that traffic between your computer and the
VPS is protected.
|
NOTE: If you only need to move files occasionally, the simplest and safest option is
SFTP over SSH, which is
encrypted by default, needs no server setup, and works with a friendly graphical client such as
FileZilla. Reach for Samba when you specifically want a mapped drive that stays
connected.
|
| |
| Installing Samba
| |
Install the Samba package, then enable and start its service. On FreeBSD 15:
# pkg install samba419 # or the current samba4xx package
# sysrc samba_server_enable=YES
# service samba_server start
# # configuration lives in /usr/local/etc/smb4.conf
On Rocky Linux 10, also open the firewall and let SELinux share files:
# dnf install samba samba-client
# systemctl enable --now smb # (nmb too, only if you need NetBIOS name resolution)
# firewall-cmd --permanent --add-service=samba
# firewall-cmd --reload
# setsebool -P samba_enable_home_dirs on # allow Samba to serve home directories
# # configuration lives in /etc/samba/smb.conf
If instead of home directories you share a dedicated folder such as /srv/share, give it the
right SELinux label on Rocky Linux: semanage fcontext -a -t samba_share_t '/srv/share(/.*)?'
followed by restorecon -Rv /srv/share.
| |
| Creating a Share and an SMB User
| |
Edit the configuration file (/usr/local/etc/smb4.conf on FreeBSD, /etc/samba/smb.conf on
Rocky Linux). A minimal setup that shares each user’s home directory looks like this:
[global]
workgroup = WORKGROUP
server string = GSP VPS
security = user
server min protocol = SMB3 # refuse the obsolete, insecure SMB1
server smb encrypt = required # require encryption -- see the next section
[homes]
comment = Home Directory
browseable = no
read only = no
valid users = %S
Samba keeps its own password database separate from the system login, so each person who will connect
needs an SMB password set once (the account must already exist as a Unix user):
# smbpasswd -a youruser # set this user's SMB password
# testparm # check smb.conf for syntax errors
Reload the service after editing the file — service samba_server restart on FreeBSD,
systemctl restart smb on Rocky Linux.
| |
| Enabling Encryption
| |
SMB version 3 can encrypt the entire session, so file contents and credentials are protected in
transit. This is controlled by the server smb encrypt setting, placed in the [global]
section to cover the whole server, or inside a single [share] block to apply to just that share.
Its values are:
| Value |
Effect |
| required | Every connection must be encrypted; clients that cannot are refused |
| desired | Encrypt whenever the client supports it; otherwise allow the connection unencrypted |
| if_required (default) | Encrypt only where a specific share demands it; otherwise off |
| off | Never encrypt |
To require encryption for everything, set it globally (and require SMB3, which encryption depends on):
[global]
server min protocol = SMB3
server smb encrypt = required
To require it for only one share, leave the global value alone and put the setting in that share:
[private]
path = /srv/share
read only = no
valid users = youruser
server smb encrypt = required
Restart Samba, then confirm sessions are actually encrypted — smbstatus lists each
connection with its encryption status in the “Encryption” column:
# smbstatus
|
WARNING: SMB3 encryption needs a modern client — Windows 8 / Windows
Server 2012 or newer, macOS, or smbclient 4.1+. Older clients will be turned
away when you set required, which is the point. Because file sharing over the open
Internet is risky, set server smb encrypt = required whenever the service is reachable
from outside, and additionally restrict access — limit the firewall to known source
addresses, or reach the share through a VPN or an SSH tunnel rather than exposing port 445 to
the world.
|
| |
| Connecting from Your Computer
| |
Once the share is running, connect from your desktop using your Unix username and the SMB password you
set with smbpasswd. Replace 203.0.113.10 with your VPS address and youruser with your
login:
| Client |
How to connect |
| Windows | Explorer → Map network drive → \\203.0.113.10\youruser (or net use Z: \\203.0.113.10\youruser) |
| macOS | Finder → Go → Connect to Server → smb://203.0.113.10/youruser |
| Linux | smbclient //203.0.113.10/youruser -U youruser, or mount with mount -t cifs |
Choose “reconnect at sign-in” (Windows) or add the share to your login items (macOS) to
have the drive reappear automatically each time.
| |
| Documentation
| |
The configuration file has hundreds of options; read man smb.conf on the VPS (or the
online manual pages) for the full list,
and man smbd and man smbpasswd for the daemon and password tool. The Samba project’s
own documentation at samba.org is
thorough. For locking the server down more broadly, see
Securing Your VPS.
|
Toll Free 1-866-GSP-4400 • 1-301-464-9363 • service@gsp.com
Copyright © 1994-2026 GSP Services, Inc.
|