[Samba] validate root locally with winbind

[Chris Jensen]

> Is there a way to set things up so that the root
> user is only checked against the local passwd/shadow files?

I don't know about *only* against shadow. But I've got winbind setup,
and it authenticates users first against the domain, but if that fails
resorts to the local password database.

Here are the relavent lines from my
/etc/pam.d/system-auth

auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_winbind.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok use_first_pa
ss
auth        required      /lib/security/pam_deny.so