Caches and Databases in AD Bridge

To maintain the current state and to improve performance, the AD Bridge Enterprise authentication service (lsass) caches information about users and groups in memory.

You can change the cache to store the information in a SQLite database.

For more information, please see the AD Bridge Enterprise Administration Guide.

The AD Bridge Enterprise site affinity service, netlogon, caches information about the optimal domain controller and global catalog in the AD Bridge Enterprise registry.

The following files are in /var/lib/pbis/db:

File                         Description
registry.db                  The SQLite 3.0 database in which the AD Bridge Enterprise registry service, lwreg, stores data.
sam.db                       Repository managed by the local authentication provider to store information about local users and groups.
lwi_events.db                The database in which the event logging service, eventlog, records events.
lsass-adcache.filedb.FQDN    Cache managed by the Active Directory authentication provider to store user and group information. The file is in /var/lib/pbis/db. In the name of the file, FQDN is replaced by your fully qualified domain name.

Since the default UIDs that AD Bridge Enterprise generates are large, the entries that the operating system makes in the lastlog file when AD users log in make the file appear very large. This is normal and should not cause concern. The lastlog file (typically /var/log/lastlog) is a sparse file that uses the UID and GID of the users as disk addresses to store the last login information. Because it is a sparse file, the actual amount of storage it uses is minimal.
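To show why a sparse lastlog reports a large size while using little disk, here is an added example (written for this page, not AD Bridge code): it writes one login record at the slot a large UID selects, reads it back, and compares the apparent size with the blocks actually allocated. It assumes the glibc x86_64 lastlog record layout (292 bytes); the record size differs on other platforms, so check the local lastlog.h before reusing it.

```python
import os
import struct
import tempfile

# Assumed glibc x86_64 layout: int32 ll_time, char ll_line[32], char ll_host[256].
LASTLOG_FMT = "<i32s256s"
LASTLOG_RECORD_SIZE = struct.calcsize(LASTLOG_FMT)  # 292 bytes

def write_lastlog_entry(path, uid, line, host, when):
    """Record a login the way login/pam_lastlog do: the record lives at
    offset uid * record_size, leaving an unallocated hole before it."""
    record = struct.pack(LASTLOG_FMT, int(when), line.encode()[:32], host.encode()[:256])
    mode = "r+b" if os.path.exists(path) else "wb"
    with open(path, mode) as f:
        f.seek(uid * LASTLOG_RECORD_SIZE)
        f.write(record)

def read_lastlog_entry(path, uid):
    """Return (time, line, host) for uid, or None if the slot is empty or absent."""
    with open(path, "rb") as f:
        f.seek(uid * LASTLOG_RECORD_SIZE)
        raw = f.read(LASTLOG_RECORD_SIZE)
    if len(raw) < LASTLOG_RECORD_SIZE:
        return None
    when, line, host = struct.unpack(LASTLOG_FMT, raw)
    if when == 0:
        return None
    return when, line.rstrip(b"\0").decode(), host.rstrip(b"\0").decode()

def lastlog_usage(path):
    """Apparent size (what ls reports) versus allocated blocks (what du reports)."""
    st = os.stat(path)
    return {"apparent_bytes": st.st_size, "allocated_bytes": st.st_blocks * 512}

def demo(uid=1_234_567):
    """Constructed sample: one AD user with a large UID logs in once."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "lastlog")
        write_lastlog_entry(path, uid, "pts/0", "ws01.example.com", 1_700_000_000)
        usage = lastlog_usage(path)
        usage["entry"] = read_lastlog_entry(path, uid)
    usage["expected_apparent"] = (uid + 1) * LASTLOG_RECORD_SIZE
    return usage

if __name__ == "__main__":
    print(demo())
```

On a real host, `ls -l /var/log/lastlog` and `du -h /var/log/lastlog` show the same contrast between apparent and allocated size.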

Additional information about a computer's Active Directory domain name, machine account, site affinity, domain controllers, forest, the computer's join state, and so forth is stored in the AD Bridge Enterprise registry. Here is an example of the kind of information that is stored under the netlogon key:

[HKEY_THIS_MACHINE\Services\netlogon\cachedb\example.com-0]
"DcInfo-ClientSiteName"="Default-First-Site-Name"
"DcInfo-DCSiteName"="Default-First-Site-Name"
"DcInfo-DnsForestName"="example.com"
"DcInfo-DomainControllerAddress"="192.168.92.20"
"DcInfo-DomainControllerAddressType"=dword:00000017
"DcInfo-DomainControllerName"="w2k3-r2.example.com"
"DcInfo-DomainGUID"=hex:71,c1,9e,b5,18,35,f3,45,ba,15,05,95,fb,5b,62,e3
"DcInfo-Flags"=dword:000003fd
"DcInfo-FullyQualifiedDomainName"="example.com"
"DcInfo-LMToken"=dword:0000ffff
"DcInfo-NetBIOSDomainName"="EXAMPLE"
"DcInfo-NetBIOSHostName"="W2K3-R2"
"DcInfo-NTToken"=dword:0000ffff
"DcInfo-PingTime"=dword:00000006
"DcInfo-UserName"=""
"DcInfo-Version"=dword:00000005
"DnsDomainName"="example.com"
"IsBackoffToWritableDc"=dword:00000000
"LastDiscovered"=hex:c5,d9,86,4b,00,00,00,00
"LastPinged"=hex:1b,fe,86,4b,00,00,00,00
"QueryType"=dword:00000000
"SiteName"=""

Name Service Caching Daemon (NSCD)

Disable nscd for optimal efficiency.

AD Bridge best practice is to disable the nscd cache from the configuration file /etc/nscd.conf.

If nscd is not disabled, clear its cache after a domain join by restarting or reloading the service: service nscd restart or service nscd reload.

Cached Credentials

AD Bridge caches credentials so that users can log on when their Linux or Unix computer is disconnected from the network or if their Active Directory services are unavailable.