Hi, I am running samba AD DC as virtual machine from host, which is a samba domain member. I enabled PAM auth using wiki article[1]. My problem is that when host is starting I am unable to login (even as root) to it until DC vm starts and winbindd reestablishes connection to DC. I want to change auth priority: check for unix user first, and if not found check in AD. I tried to change /etc/pam.d/system-auth this way: [DO NOT use - it does not work] auth [default=ignore] pam_localuser.so auth [success=1 default=die] pam_unix.so nullok auth [default=die] pam_winbind.so auth requisite pam_deny.so auth optional pam_permit.so auth required pam_env.so account required pam_unix.so account [success=1 default=ignore] pam_localuser.so account required pam_winbind.so account optional pam_permit.so account required pam_time.so password [default=ignore] pam_localuser.so password [success=1 default=die] pam_unix.so sha512 shadow password [default=die] pam_winbind.so password requisite pam_deny.so password optional pam_permit.so session required pam_limits.so session required pam_unix.so session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 session optional pam_permit.so but it does not work. Anyone has a working example? Thanks, Łukasz