GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
* Sign Up! *

Support
Customer Portal
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Windows File Sharing with Samba

bullet Introduction

Windows File Sharing lets you map your VPS as a network drive on your own computer — it appears in Windows Explorer or the macOS Finder like a local disk, and you drag files to and from it. The feature is provided by Samba, the Unix implementation of the SMB protocol that Windows uses for file sharing. Samba is available on both FreeBSD 15 and Rocky Linux 10; this page covers installing it, sharing a directory, and — importantly — turning on SMB3 encryption so that traffic between your computer and the VPS is protected.

NOTE: If you only need to move files occasionally, the simplest and safest option is SFTP over SSH, which is encrypted by default, needs no server setup, and works with a friendly graphical client such as FileZilla. Reach for Samba when you specifically want a mapped drive that stays connected.

 

bullet Installing Samba

Install the Samba package, then enable and start its service. On FreeBSD 15:

# pkg install samba419          # or the current samba4xx package
# sysrc samba_server_enable=YES
# service samba_server start
#                              # configuration lives in /usr/local/etc/smb4.conf

On Rocky Linux 10, also open the firewall and let SELinux share files:

# dnf install samba samba-client
# systemctl enable --now smb                     # (nmb too, only if you need NetBIOS name resolution)
# firewall-cmd --permanent --add-service=samba
# firewall-cmd --reload
# setsebool -P samba_enable_home_dirs on         # allow Samba to serve home directories
#                                                # configuration lives in /etc/samba/smb.conf

If instead of home directories you share a dedicated folder such as /srv/share, give it the right SELinux label on Rocky Linux: semanage fcontext -a -t samba_share_t '/srv/share(/.*)?' followed by restorecon -Rv /srv/share.

 

bullet Creating a Share and an SMB User

Edit the configuration file (/usr/local/etc/smb4.conf on FreeBSD, /etc/samba/smb.conf on Rocky Linux). A minimal setup that shares each user’s home directory looks like this:

[global]
   workgroup = WORKGROUP
   server string = GSP VPS
   security = user
   server min protocol = SMB3      # refuse the obsolete, insecure SMB1
   server smb encrypt = required   # require encryption -- see the next section

[homes]
   comment = Home Directory
   browseable = no
   read only = no
   valid users = %S

Samba keeps its own password database separate from the system login, so each person who will connect needs an SMB password set once (the account must already exist as a Unix user):

# smbpasswd -a youruser     # set this user's SMB password
# testparm                  # check smb.conf for syntax errors

Reload the service after editing the file — service samba_server restart on FreeBSD, systemctl restart smb on Rocky Linux.

 

bullet Enabling Encryption

SMB version 3 can encrypt the entire session, so file contents and credentials are protected in transit. This is controlled by the server smb encrypt setting, placed in the [global] section to cover the whole server, or inside a single [share] block to apply to just that share. Its values are:

 Value 
 Effect 
 required  Every connection must be encrypted; clients that cannot are refused 
 desired  Encrypt whenever the client supports it; otherwise allow the connection unencrypted 
 if_required (default Encrypt only where a specific share demands it; otherwise off 
 off  Never encrypt 

To require encryption for everything, set it globally (and require SMB3, which encryption depends on):

[global]
   server min protocol = SMB3
   server smb encrypt = required

To require it for only one share, leave the global value alone and put the setting in that share:

[private]
   path = /srv/share
   read only = no
   valid users = youruser
   server smb encrypt = required

Restart Samba, then confirm sessions are actually encrypted — smbstatus lists each connection with its encryption status in the “Encryption” column:

# smbstatus

WARNING: SMB3 encryption needs a modern client — Windows 8 / Windows Server 2012 or newer, macOS, or smbclient 4.1+. Older clients will be turned away when you set required, which is the point. Because file sharing over the open Internet is risky, set server smb encrypt = required whenever the service is reachable from outside, and additionally restrict access — limit the firewall to known source addresses, or reach the share through a VPN or an SSH tunnel rather than exposing port 445 to the world.

 

bullet Connecting from Your Computer

Once the share is running, connect from your desktop using your Unix username and the SMB password you set with smbpasswd. Replace 203.0.113.10 with your VPS address and youruser with your login:

 Client 
 How to connect 
 Windows  Explorer → Map network drive\\203.0.113.10\youruser  (or net use Z: \\203.0.113.10\youruser
 macOS  Finder → Go → Connect to Serversmb://203.0.113.10/youruser 
 Linux  smbclient //203.0.113.10/youruser -U youruser, or mount with mount -t cifs 

Choose “reconnect at sign-in” (Windows) or add the share to your login items (macOS) to have the drive reappear automatically each time.

 

bullet Documentation

The configuration file has hundreds of options; read man smb.conf on the VPS (or the online manual pages) for the full list, and man smbd and man smbpasswd for the daemon and password tool. The Samba project’s own documentation at samba.org is thorough. For locking the server down more broadly, see Securing Your VPS.


Toll Free 1-866-GSP-4400 • 1-301-464-9363 • service@gsp.com
Copyright © 1994-2026 GSP Services, Inc.