diff --git a/roles/system-auth/templates/password-auth.j2 b/roles/system-auth/templates/password-auth.j2
index 3032e1a..3d831a2 100644
--- a/roles/system-auth/templates/password-auth.j2
+++ b/roles/system-auth/templates/password-auth.j2
@@ -36,5 +36,6 @@ session     optional      pam_oddjob_mkhomedir.so umask=0077
 session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
 session     required      pam_unix.so
 {% if pam_winbind %}
+session     sufficient    pam_localuser.so
 session     optional      pam_winbind.so krb5_auth krb5_ccache_type=KEYRING
 {% endif %}