I am a bit confused over the behavior of pam and winbind, and having Samba use pam. If I configure my nsswitch.conf: passwd: files winbind group: files winbind And my auth section of /etc/pam.d/samba looks something along the lines: auth required /lib/security/pam_securetty.so auth required /lib/security/pam_nologin.so auth sufficient /lib/security/pam_winbind.so auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok If I want to have a "static" account that winbind won't clobber (For use with 'force user= $staticuser' 'force security mode' on a share), does the nsswitch setting of files before winbind take care of that, or having the pam_winbind line before the pam_pwdb cause winbind to clobber any existing accounts? Matt Pavlovich