[Samba] Problem with data base after abnormal shutdown

Andrew Bartlett abartlet at samba.org
Mon Mar 12 22:01:56 UTC 2018

On Mon, 2018-03-12 at 17:50 -0400, Rommel Rodriguez Toirac via samba
> Hello;
> last week the power (energy) of the servers failed and everything shut down.
> When the power was restored, in the check I found that the samba4 AD DC has
> problems. It works, but the users in some of the containers or OUs
> disappeared; I mean, when I check with RSAT, the OU in which the user
> must be is empty.
>   When I try to run # samba-tool dbcheck this is what I have:
> [root at gtmad ~]# samba-tool dbcheck
> ltdb:  
> tdb(/var/lib/samba/private/sam.ldb.d/DC=GTM,DC=ONAT,DC=GOB,DC=CU.ldb):  
> tdb_rec_read bad magic 0x303038 at offset=2613200
> ERROR(ldb): uncaught exception - Indexed and full searches both failed!

> [root at gtmad ~]# samba-tool user edit orelvis
> dn: CN=Orelvis Caraballo Pileta,OU=juridico,OU=gtm,DC=gtm,DC=onat,DC=gob,DC=cu

>   As you can see, he is still in OU juridico.
>   I created again the users that had disappeared from their container
> or OU, but the problem with the command is still there.
>   Is there something that I can do to solve this? Did I do well in creating
> the users again?

Your database is in very bad shape, and I hope you have good backups,
as you are better to try and work from them.

Assuming you don't, I hope you at least have good backups from before
you started trying to fix this.

Additionally, please look at the storage architecture you are using, as
Samba's TDB is meant to be poweroff safe, assuming the OS is honouring
the fsync() calls it makes.  However sometimes the layers under Samba
can ignore that.

Finally, to work with this file, you need to use the ldbdump tool.
This has two modes, a normal search of the DB and an emergency search
looking for special magic values in the database to work around

Your task is to try and extract as much as possible of the domain and
work out if you either have all the objects (in which case re-injecting 
the objects into a new tdb backend database, and running
dbcheck --reindex might be enough) or if you need to re-create your domain with
the same parameters and then manually re-inject some objects (watching
out for SID collision). 

Both of these are not tasks for the faint of heart!  You would do best
to get some professional support for such a recovery. 

I hope this helps,

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   
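
Added example, not part of the original message and not Samba project code: one way to check for the SID collisions mentioned above before re-injecting recovered objects, by comparing `objectSid` values in two LDIF dumps (recovered objects and the live domain). The DNs, domain SID and helper names are constructed for illustration, and base64-encoded DNs (`dn::`) are assumed not to occur.

```python
import base64
import struct

def sid_to_str(raw: bytes) -> str:
    """Decode a binary SID (the stored form of objectSid) to S-1-5-21-... text."""
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("truncated or malformed SID")
    authority = int.from_bytes(raw[2:8], "big")     # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])   # 32-bit, little-endian
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)

def sid_to_b64(sid: str) -> str:
    """Inverse of sid_to_str; used here only to build the constructed sample."""
    parts = sid.split("-")
    subs = [int(p) for p in parts[3:]]
    raw = bytes([int(parts[1]), len(subs)]) + int(parts[2]).to_bytes(6, "big")
    return base64.b64encode(raw + struct.pack("<%dI" % len(subs), *subs)).decode()

def sids_by_dn(ldif: str) -> dict:
    """Map each entry's DN to its SID; accepts base64 (::) and plain text values."""
    out, dn = {}, None
    for line in ldif.replace("\n ", "").splitlines():   # unfold wrapped lines
        if line.startswith("dn: "):
            dn = line[4:].strip()
        elif line.startswith("objectSid:: ") and dn:
            out[dn] = sid_to_str(base64.b64decode(line[12:].strip()))
        elif line.startswith("objectSid: ") and dn:
            out[dn] = line[11:].strip()
        elif not line.strip():
            dn = None                                   # blank line ends the entry
    return out

def sid_collisions(recovered: str, live: str) -> list:
    """Return (sid, recovered_dn, live_dn) for SIDs already held by another DN."""
    live_by_sid = {sid: dn for dn, sid in sids_by_dn(live).items()}
    hits = []
    for dn, sid in sids_by_dn(recovered).items():
        other = live_by_sid.get(sid)
        if other is not None and other.lower() != dn.lower():
            hits.append((sid, dn, other))
    return hits

DOMAIN = "S-1-5-21-1111-2222-3333"   # constructed domain SID
BASE = "OU=legal,DC=example,DC=test"  # constructed naming context
RECOVERED = ("dn: CN=alice,%s\nobjectSid:: %s\n\ndn: CN=carol,%s\nobjectSid:: %s\n"
             % (BASE, sid_to_b64(DOMAIN + "-1105"), BASE, sid_to_b64(DOMAIN + "-1106")))
LIVE = ("dn: CN=bob,%s\nobjectSid: %s-1105\n\ndn: CN=carol,%s\nobjectSid: %s-1106\n"
        % (BASE, DOMAIN, BASE, DOMAIN))

if __name__ == "__main__":
    for hit in sid_collisions(RECOVERED, LIVE):
        print("collision:", hit)
```

An object whose DN and SID both match the live domain is treated as the same object and is not reported; only a SID that now belongs to a different DN is flagged.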
