[Samba] Repeat core dumps due to libgcrypt?

Andrew Bartlett abartlet at samba.org
Wed Apr 6 22:49:14 UTC 2016


On Tue, 2016-04-05 at 08:15 -0600, Ochressandro Rettinger wrote:
> On Tue, 5 Apr 2016, Ochressandro Rettinger wrote:
>
> > On Tue, 5 Apr 2016, Andrew Bartlett wrote:
> >
> > > On Mon, 2016-04-04 at 14:48 -0600, Ochressandro Rettinger wrote:
> > > >
> > > > Hi, sorry.  I have spent about 4 hours googling, and had no luck.
> > > > I'm getting repeat core dumps out of smbd, and nothing I've gotten
> > > > from the log file has successfully pointed me at any indication
> > > > that anyone else has posted about this problem before.
> > > >
> > > > ------
> > > >
> > > > libgcrypt selftest: binary  (0): Selftest failed (/lib64/.libgcrypt.so.11.hmac)
> > > > fatal error in libgcrypt, file visibility.c, line 1250, function gcry_create_nonce: called in non-operational state
> > >
> > > This is very interesting.  I think you are linking to an older
> > > version of gnutls, perhaps upgrade your OS, as the newer versions
> > > use libnettle and so perhaps that avoids the issue.
> > >
> > > I don't normally suggest changing the OS to fix a Samba issue, but
> > > this is a bit different:
> > >
> > > What is happening here is that when we spawn a child to check the
> > > print queues, that is failing to connect to your cups server over
> > > HTTPS because of some issue inside gcrypt, used by gnutls, used by
> > > cups.
> > >
> > > Otherwise, perhaps if CUPS is on the same host, avoid using SSL to
> > > talk to it?
> >
> > I've got the most updated version of RHEL running on that system. So
> > I'm not quite sure what I'd upgrade there.  Unless it's RHEL itself
> > that's packaging an older version of gnutls.
> >
> > I continued googling for answers after I wrote, and found a
> > suggestion that it might be related to FIPS mode, and indeed, when I
> > turn off FIPS mode on the OS, it stops doing this.  But that's not
> > really a viable long term solution.
> >
> > To be honest, I'm not sure why Samba is trying to connect to a cups
> > server at all, because I thought I had turned printing via Samba
> > *off*... Since I clearly haven't done that, how can I do that?
>
> Ok, I found instructions on turning off the printers.  Which seems to
> have stopped my repeated core dump problem which is nice.
>
> So is this a bug in cups or libgcrypt or samba or what?

If this is real RHEL, then use your subscription and file a bug against
libgcrypt in FIPS mode, and they can re-assign to samba if they think
we are providing an unreasonable environment for the library.

Andrew Bartlett

-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   
https://catalyst.net.nz/services/samba
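
Added example, not part of the thread and not Samba's own code: a shell triage that combines the three conditions the thread identifies (the two libgcrypt messages in the smbd log, FIPS mode enabled, printers still loaded). The function names are hypothetical, and treating `load printers` as the relevant smb.conf setting is an assumption, since the thread does not say which settings the poster changed.

```shell
#!/bin/sh
# Added triage sketch (not from the thread). File paths are arguments so the
# functions can be exercised on constructed samples as well as real files.

# Prints "on" if the kernel FIPS flag file contains 1, else "off".
fips_mode() {
    f=${1:-/proc/sys/crypto/fips_enabled}
    if [ -r "$f" ] && [ "$(tr -d ' \n' < "$f")" = "1" ]; then echo on; else echo off; fi
}

# Succeeds if the log contains both messages quoted in the thread.
gcrypt_selftest_failed() {
    grep -q 'libgcrypt selftest: .*Selftest failed' "$1" &&
        grep -q 'called in non-operational state' "$1"
}

# Prints the last value of a [global] parameter (name given in lower case).
smbconf_global() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { sect = tolower($0); gsub(/[ \t]/, "", sect); next }
        sect == "[global]" && index($0, "=") > 0 {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            val = tolower(substr($0, index($0, "=") + 1))
            gsub(/^[ \t]+/, "", key); gsub(/[ \t]+$/, "", key)
            gsub(/^[ \t]+/, "", val); gsub(/[ \t]+$/, "", val)
            if (key == want) found = val
        }
        END { print found }' "$1"
}

# triage FIPS_FLAG_FILE SMBD_LOG SMB_CONF -> one-word verdict.
triage() {
    gcrypt_selftest_failed "$2" || { echo no-gcrypt-failure; return; }
    [ "$(fips_mode "$1")" = on ] || { echo gcrypt-failure-without-fips; return; }
    # Assumption: "load printers" is the setting of interest; it defaults
    # to yes when unset, so an empty value counts as printers loaded.
    case "$(smbconf_global "$3" 'load printers')" in
        no|false|0) echo fips-gcrypt-failure-printers-off ;;
        *)          echo fips-gcrypt-failure-printers-loaded ;;
    esac
}

# Stand-alone use: sh triage.sh /proc/sys/crypto/fips_enabled LOG SMB_CONF
if [ "$#" -eq 3 ]; then triage "$@"; fi
```

On a live host, `testparm -s` gives the effective configuration more reliably than parsing smb.conf by hand.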








