[slurm-users] Authentication

[Sterner, Douglas E. via slurm-users]

New kubernetes deployment and I can't authenticate via ssh using AD credentials to the login controller. Both id and getent resolve user correctly. I have tried every sssd parameter known to mankind. Can someone provide a working example of an sssd.conf for active directory non ssl that I can compare against. Also do I need to do this in the values.yaml?

 

slurm:

  config:

    # Explicitly enable PAM for node environments and pam_slurm_adopt

    UsePAM: 1

 

Thanks,

 

Douglas Sterner

Johns Hopkins Applied Physics Laboratory

NSAD / JAF

11100 Johns Hopkins Road.

Laurel, MD 20723-6091

 

[Andrew Ferris via slurm-users]

Here's a sanitized sssd.conf that works on our slurm compute nodes:

[sssd]

domains = [AD_FQDNS]

config_file_version = 2

services = nss, pam

[domain/[AD_FQDNS]

default_shell = /bin/bash

krb5_store_password_if_offline = True

cache_credentials = True

krb5_realm = [ALLCAPS_AD_FQDNS]

realmd_tags = manages-system joined-with-adcli

id_provider = ad

fallback_homedir = /home/%u

ad_domain = [AD_FQDNS]

use_fully_qualified_names = False

ldap_id_mapping = True

access_provider = ad

AD_FQDNS is the fully qualified dns name of AD

ALLCAPS is where the AD FQDNS is capitalized

I hope it helps.

Andrew Ferris  (He, Him, His)
Network & Systems Management
UBC Centre for Heart-Lung Innovation
The University of British Columbia | St. Paul's Hospital | Musqueam, Squamish & Tsleil-Waututh Traditional Territory
Room 166 -1081 Burrard Street | Vancouver Canada | V6Z 1Y6 Canada
Phone 604 806 8346
andrew...@hli.ubc.ca
https://www.hli.ubc.ca

 

>>> "Sterner, Douglas E. via slurm-users" <slurm...@lists.schedmd.com> 6/2/2026 9:55 AM >>>