Problems after adding Winbind to PAM

[Cameron Thorne]

I'm sure this has been beaten to death, but I've exhausted all the 
resources Google affords me to no avail.

I am running Winbind to authenticate against active directory in SLES9. 
  ADS users can login normally.  Locally defined users get 
double-prompted for password.

/etc/pam.d/login:
#%PAM-1.0
auth required   pam_securetty.so
auth required   pam_nologin.so
#auth    required       pam_homecheck.so
auth required   pam_env.so
auth required   pam_mail.so
auth sufficient pam_unix2.so    nullok
auth required   pam_winbind.so  use_first_pass
account sufficient      pam_unix2.so
account required        pam_winbind.so
password required       pam_pwcheck.so  nullok
password required       pam_unix2.so    nullok use_first_pass use_authtok
session required        pam_mkhomedir.so skel=/etc/skel umask=0022
session required        pam_unix2.so    none       # debug or trace
session required        pam_limits.so

/etc/pam.d/xdm:
#%PAM-1.0
auth     sufficient     pam_unix2.so    nullok
auth     required       pam_winbind.so  use_first_pass
account  sufficient     pam_unix2.so
account  required       pam_winbind.so
password required       pam_pwcheck.so  nullok
password required       pam_unix2.so    nullok use_first_pass use_authtok
session  required       pam_unix2.so    debug # trace or none
session  required       pam_devperm.so
session  required       pam_resmgr.so

I think the above is all okay.  Any ideas?

-- Cameron Thorne