TDB corruption on sam.ldb tdb files

Andrew Bartlett abartlet at
Mon Sep 24 21:37:05 MDT 2012

On Sat, 2012-09-22 at 14:06 +1200, Andrew Walters wrote:
> Resending as I used a non list subscribed from address previously. Sorry for the duplicate message.
> ----- Original Message -----
> > From: "Andrew Bartlett" <abartlet at>
> > 
> > I doubt this will work.  As soon as you have to read that failed
> > record, it will fail.  Aside from tdbbackup, we don't have any
> > automatic tools to help here.
> Ok I'll shelve that idea.
> > Have you looked at the binary tdb to work out what the bad magic is?
> Using this as a reference: tdb_rec_read bad magic 0x6863733d at offset=1773572
> failed to copy DC=AD,DC=(domain name).ldb
> Viewing and trying to make sense of the binary content of a file is pushing my level of understanding, but I'll have a go.
> Using ghex2, and going to byte 1773572, I see the it has the value 0x74 which is the letter 't' in a reference to a machine account, CN=(computer name), CN=Computers,DC=(domain name). Byte 1773572 is the 't' in 'Computers'. So it's in the middle of a record. 124-127 bytes earlier is the string "@IDX" so I guess it's part of the index that I'm looking at.
> Between @IDX and the above computer name is one more computer name, and after it are four more computer names, all intact, no unexpected characters. After that is a partial UUID, CN=c88227bc-fcca-4b58 (it stops there).
> 0x6863733d spells out "hcs=", but if I search that file for that phrase I don't get a result.
> Am I looking for the right stuff here?
> Andrew B, would it be worth me sending you the ldb file to have a look at?

I'm always cautious about accepting these, as the files contain quite
sensitive data, but it may come to that.

I've CC'ed rusty, our TDB maintainer, who is keen to help get to the
bottom of this. 


Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 

More information about the samba-technical mailing list