Here's a sanitized sssd.conf that works on our slurm compute nodes:

[sssd]
domains = [AD_FQDNS]
config_file_version = 2
services = nss, pam

[domain/[AD_FQDNS]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = [ALLCAPS_AD_FQDNS]
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u
ad_domain = [AD_FQDNS]
use_fully_qualified_names = False
ldap_id_mapping = True
access_provider = ad

AD_FQDNS is the fully qualified dns name of AD
ALLCAPS is where the AD FQDNS is capitalized


I hope it helps.

Andrew Ferris  (He, Him, His)
Network & Systems Management
UBC Centre for Heart-Lung Innovation
The University of British Columbia | St. Paul's Hospital | Musqueam, Squamish & Tsleil-Waututh Traditional Territory
Room 166 -1081 Burrard Street | Vancouver Canada | V6Z 1Y6 Canada
Phone 604 806 8346
andrew.ferris@hli.ubc.ca
https://www.hli.ubc.ca
 

>>> "Sterner, Douglas E. via slurm-users" <slurm-users@lists.schedmd.com> 6/2/2026 9:55 AM >>>
New kubernetes deployment and I can't authenticate via ssh using AD credentials to the login controller. Both id and getent resolve user correctly. I have tried every sssd parameter known to mankind. Can someone provide a working example of an sssd.conf for active directory non ssl that I can compare against. Also do I need to do this in the values.yaml?
 
slurm:
config:
    # Explicitly enable PAM for node environments and pam_slurm_adopt
    UsePAM: 1
 
Thanks,
 
Douglas Sterner
Johns Hopkins Applied Physics Laboratory
NSAD / JAF
11100 Johns Hopkins Road.
Laurel, MD 20723-6091