I solved this issue by adding a group to IPA that matched the same name and GID of the local groups, then using [SUCCESS=merge] in nsswitch.conf for groups, and on our CentOS 8 nodes adding "enable_files_domain = False" in the sssd.conf file*.*
On Fri, Jan 28, 2022 at 5:02 PM Ratnasamy, Fritz < fritz.ratnas...@chicagobooth.edu> wrote: > Hi Mitchell, Remi > > This is what returned the command: find /sys/fs/cgroup -name "*71953*" > /sys/fs/cgroup/freezer/slurm/uid_71953 > /sys/fs/cgroup/devices/slurm/uid_71953 > /sys/fs/cgroup/cpuset/slurm/uid_71953 > /sys/fs/cgroup/cpu,cpuacct/slurm/uid_71953 > /sys/fs/cgroup/memory/slurm/uid_71953 > > Do you have any idea what could cause the issue? > Thanks, > > *Fritz Ratnasamy* > > Data Scientist > > Information Technology > > The University of Chicago > > Booth School of Business > > 5807 S. Woodlawn > > Chicago, Illinois 60637 > > Phone: +(1) 773-834-4556 > > > On Fri, Jan 28, 2022 at 12:01 PM Walls, Mitchell <miwa...@siue.edu> wrote: > >> Do you see the uid in /sys/fs/cgroup? (i.e. find /sys/fs/cgroup -name >> "*71953*"). If not that could point to cgroup config. >> >> ________________________________________ >> From: slurm-users <slurm-users-boun...@lists.schedmd.com> on behalf of >> Ratnasamy, Fritz <fritz.ratnas...@chicagobooth.edu> >> Sent: Friday, January 28, 2022 11:13 AM >> To: Rémi Palancher; Slurm User Community List; James Millsap >> Subject: Re: [slurm-users] Secondary Unix group id of users not being >> issued in interactive srun command >> >> Hi Remi, >> >> Yes it does return the same id. See below: >> johndoe@ecolonnelli:~ $ id >> uid=71953(johndoe) gid=100026(Faculty_Collab) >> groups=100026(Faculty_Collab),100181(ecolonnelli_access) >> johndoe@ecolonnelli:~ $ id johndoe >> uid=71953(johndoe) gid=100026(Faculty_Collab) >> groups=100026(Faculty_Collab),1000(projectsbrasil),1003(core),1549(rais),1550(rfb),1552(polconnfirms),1558(vpce),1559(rfb_all),1563(johndoe),100181(ecolonnelli_access) >> >> Fritz Ratnasamy >> Data Scientist >> Information Technology >> The University of Chicago >> Booth School of Business >> 5807 S. Woodlawn >> Chicago, Illinois 60637 >> Phone: +(1) 773-834-4556 >> >> >> On Fri, Jan 28, 2022 at 2:04 AM Rémi Palancher <r...@rackslab.io<mailto: >> r...@rackslab.io>> wrote: >> Le vendredi 28 janvier 2022 à 06:56, Ratnasamy, Fritz < >> fritz.ratnas...@chicagobooth.edu<mailto:fritz.ratnas...@chicagobooth.edu>> >> a écrit : >> >> > Hi, >> > >> > I have a similar issue as described on the following link ( >> https://groups.google.com/g/slurm-users/c/6SnwFV-S_Nk)A machine had some >> existing local permissions. We have added it as a compute node to our >> cluster via Slurm. When running an srun interactive session on that >> server,it would seem that the LDAP groups shadow the local groups. >> > >> > johndoe@ecolonnelli:~ $ groups >> > >> > Faculty_Collab ecolonnelli_access #Those are LDAP groups >> > >> > johndoe@ecolonnelli:~ $ groups johndoe >> > >> > johndoe : Faculty_Collab projectsbrasil core rais rfb polconnfirms >> johndoe vpce rfb_all backup_johndoe ecolonnelli_access >> >> The difference between the first and the second command could be the UID >> used for the resolution. The first command calls getgroups() syscall using >> the UID of the shell. The second command resolves johndoe UID through >> nsswitch stack then looks after the groups of this UID. >> >> Do you have johndoe declared in both local /etc/passwd and LDAP directory >> with different UID? >> >> Do `id` and `id johndoe` return the same UID? >> >> -- >> Rémi Palancher >> Rackslab: Open Source Solutions for HPC Operations >> https://rackslab.io >> >> >> CAUTION: This email has originated outside of University email systems. >> Please do not click links or open attachments unless you recognize the >> sender and trust the contents as safe. >> >> >> CAUTION: This email has originated outside of University email systems. >> Please do not click links or open attachments unless you recognize the >> sender and trust the contents as safe. >> >>
