Hi, I am running samba AD DC as virtual machine from host, which is a samba domain member. I enabled PAM auth using wiki article[1]. My problem is that when host is starting I am unable to login (even as root) to it until DC vm starts and winbindd reestablishes connection to DC. I want to change auth priority: check for unix user first, and if not found check in AD. I tried to change /etc/pam.d/system-auth this way: [DO NOT use - it does not work] auth [default=ignore] pam_localuser.so auth [success=1 default=die] pam_unix.so nullok auth [default=die] pam_winbind.so auth requisite pam_deny.so auth optional  pam_permit.so auth required  pam_env.so account required  pam_unix.so account [success=1 default=ignore] pam_localuser.so account required pam_winbind.so account optional  pam_permit.so account required  pam_time.so password [default=ignore] pam_localuser.so password [success=1 default=die] pam_unix.so sha512 shadow password [default=die] pam_winbind.so password requisite pam_deny.so password optional  pam_permit.so session required  pam_limits.so session required  pam_unix.so session required  pam_mkhomedir.so skel=/etc/skel/ umask=0022 session optional  pam_permit.so but it does not work. Anyone has a working example? Thanks, Łukasz