<div dir="ltr">I solved this issue by adding a group to IPA that matched the same name and GID of the local groups, then using [SUCCESS=merge] in nsswitch.conf for groups, and on our CentOS 8 nodes adding "enable_files_domain = False" in the sssd.conf file<b>.</b><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Jan 28, 2022 at 5:02 PM Ratnasamy, Fritz <<a href="mailto:fritz.ratnasamy@chicagobooth.edu">fritz.ratnasamy@chicagobooth.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi Mitchell, Remi<div><br>This is what returned the command:  <font face="monospace">find /sys/fs/cgroup -name "*71953*"</font></div><font face="monospace">/sys/fs/cgroup/freezer/slurm/uid_71953<br>/sys/fs/cgroup/devices/slurm/uid_71953<br>/sys/fs/cgroup/cpuset/slurm/uid_71953<br>/sys/fs/cgroup/cpu,cpuacct/slurm/uid_71953<br>/sys/fs/cgroup/memory/slurm/uid_71953</font><div><br></div><div>Do you have any idea what could cause the issue?</div><div>Thanks, <br clear="all"><div><div dir="ltr"><div dir="ltr"><p class="MsoNormal" style="background-image:initial;background-position:initial;background-repeat:initial"><b><span style="font-size:10.5pt;font-family:Arial,sans-serif;color:rgb(156,29,33)">Fritz Ratnasamy</span></b><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:rgb(51,51,51)"></span></p>

<p class="MsoNormal" style="background-image:initial;background-position:initial;background-repeat:initial"><span style="font-size:10.5pt;font-family:Arial,sans-serif;color:rgb(156,29,33)">Data Scientist</span><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:rgb(51,51,51)"></span></p>

<p class="MsoNormal" style="background-image:initial;background-position:initial;background-repeat:initial"><span style="font-size:10.5pt;font-family:Arial,sans-serif;color:rgb(156,29,33)">Information Technology</span><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:rgb(51,51,51)"></span></p>

<p class="MsoNormal" style="background-image:initial;background-position:initial;background-repeat:initial"><span style="color:rgb(103,110,115);font-family:Times,serif;font-size:10.5pt">The University of Chicago</span></p><p class="MsoNormal" style="background-image:initial;background-position:initial;background-repeat:initial"><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:rgb(51,51,51)"></span></p>

<p class="MsoNormal" style="background-image:initial;background-position:initial;background-repeat:initial"><span style="font-size:10.5pt;font-family:Times,serif;color:rgb(103,110,115)">Booth School of Business</span><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:rgb(51,51,51)"></span></p>

<p class="MsoNormal" style="background-image:initial;background-position:initial;background-repeat:initial"><span style="font-size:10.5pt;font-family:Times,serif;color:rgb(103,110,115)">5807 S. Woodlawn</span><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:rgb(51,51,51)"></span></p>

<p class="MsoNormal" style="background-image:initial;background-position:initial;background-repeat:initial"><span style="font-size:10.5pt;font-family:Times,serif;color:rgb(103,110,115)">Chicago,</span><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:rgb(51,51,51)"> </span><span style="font-size:10.5pt;font-family:Times,serif;color:rgb(103,110,115)">Illinois</span><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:rgb(51,51,51)"> </span><span style="font-size:10.5pt;font-family:Times,serif;color:rgb(103,110,115)">60637</span></p>

<p class="MsoNormal" style="background-image:initial;background-position:initial;background-repeat:initial"><span style="font-size:10.5pt;font-family:Times,serif;color:rgb(103,110,115)">Phone: +(1) 773-834-4556</span><span style="font-size:10.5pt;font-family:"Helvetica Neue";color:rgb(51,51,51)"></span></p></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Jan 28, 2022 at 12:01 PM Walls, Mitchell <<a href="mailto:miwalls@siue.edu" target="_blank">miwalls@siue.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Do you see the uid in /sys/fs/cgroup? (i.e. find /sys/fs/cgroup -name "*71953*"). If not that could point to cgroup config.<br>
<br>
________________________________________<br>
From: slurm-users <<a href="mailto:slurm-users-bounces@lists.schedmd.com" target="_blank">slurm-users-bounces@lists.schedmd.com</a>> on behalf of Ratnasamy, Fritz <<a href="mailto:fritz.ratnasamy@chicagobooth.edu" target="_blank">fritz.ratnasamy@chicagobooth.edu</a>><br>
Sent: Friday, January 28, 2022 11:13 AM<br>
To: Rémi Palancher; Slurm User Community List; James Millsap<br>
Subject: Re: [slurm-users] Secondary Unix group id of users not being issued in interactive srun command<br>
<br>
Hi Remi,<br>
<br>
 Yes it does return the same id. See below:<br>
johndoe@ecolonnelli:~ $ id<br>
uid=71953(johndoe) gid=100026(Faculty_Collab) groups=100026(Faculty_Collab),100181(ecolonnelli_access)<br>
johndoe@ecolonnelli:~ $ id johndoe<br>
uid=71953(johndoe) gid=100026(Faculty_Collab) groups=100026(Faculty_Collab),1000(projectsbrasil),1003(core),1549(rais),1550(rfb),1552(polconnfirms),1558(vpce),1559(rfb_all),1563(johndoe),100181(ecolonnelli_access)<br>
<br>
Fritz Ratnasamy<br>
Data Scientist<br>
Information Technology<br>
The University of Chicago<br>
Booth School of Business<br>
5807 S. Woodlawn<br>
Chicago, Illinois 60637<br>
Phone: +(1) 773-834-4556<br>
<br>
<br>
On Fri, Jan 28, 2022 at 2:04 AM Rémi Palancher <<a href="mailto:remi@rackslab.io" target="_blank">remi@rackslab.io</a><mailto:<a href="mailto:remi@rackslab.io" target="_blank">remi@rackslab.io</a>>> wrote:<br>
Le vendredi 28 janvier 2022 à 06:56, Ratnasamy, Fritz <<a href="mailto:fritz.ratnasamy@chicagobooth.edu" target="_blank">fritz.ratnasamy@chicagobooth.edu</a><mailto:<a href="mailto:fritz.ratnasamy@chicagobooth.edu" target="_blank">fritz.ratnasamy@chicagobooth.edu</a>>> a écrit :<br>
<br>
> Hi,<br>
><br>
> I have a similar issue as described on the following link (<a href="https://groups.google.com/g/slurm-users/c/6SnwFV-S_Nk)A" rel="noreferrer" target="_blank">https://groups.google.com/g/slurm-users/c/6SnwFV-S_Nk)A</a> machine had some existing local permissions. We have added it as a compute node to our cluster via Slurm. When running an srun interactive session on that server,it would seem that the LDAP groups shadow the local groups.<br>
><br>
> johndoe@ecolonnelli:~ $ groups<br>
><br>
> Faculty_Collab ecolonnelli_access #Those are LDAP groups<br>
><br>
> johndoe@ecolonnelli:~ $ groups johndoe<br>
><br>
> johndoe : Faculty_Collab projectsbrasil core rais rfb polconnfirms johndoe vpce rfb_all backup_johndoe ecolonnelli_access<br>
<br>
The difference between the first and the second command could be the UID used for the resolution. The first command calls getgroups() syscall using the UID of the shell. The second command resolves johndoe UID through nsswitch stack then looks after the groups of this UID.<br>
<br>
Do you have johndoe declared in both local /etc/passwd and LDAP directory with different UID?<br>
<br>
Do `id` and `id johndoe` return the same UID?<br>
<br>
--<br>
Rémi Palancher<br>
Rackslab: Open Source Solutions for HPC Operations<br>
<a href="https://rackslab.io" rel="noreferrer" target="_blank">https://rackslab.io</a><br>
<br>
<br>
CAUTION: This email has originated outside of University email systems. Please do not click links or open attachments unless you recognize the sender and trust the contents as safe.<br>
<br>
<br>
CAUTION: This email has originated outside of University email systems. Please do not click links or open attachments unless you recognize the sender and trust the contents as safe.<br>
<br>
</blockquote></div>
</blockquote></div>