pam login authorization using both local and winbind

I have a situation where I need the linux server to accept either local password or active directory password. Below is the relevant code from /etc/pam.d/system-auth. The commented out line was how the file was setup before and the line below it shows how it should be setup to allow this functionality. All other setup files are unchanged.

auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok #auth sufficient /lib/security/$ISA/pam_winbind.so use_first_pass auth sufficient /lib/security/$ISA/pam_winbind.so auth required /lib/security/$ISA/pam_deny.so