Samba4: winbind on openSUSE

Not a joke. I did it!
This is a start but it's way off the mark:

You'll need a working Samba4 install built from ./configure.developer with libpam.dev already installed.

passwd:          files winbind
group:           files winbind

 ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/libnss_winbind.so
 ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2

 ln -s /usr/local/samba/lib/pam_winbind.so /lib/security

template shell = /bin/bash
winbind enum users = Yes
winbind enum groups = Yes

Add this line before pam_unix.so:
auth  sufficient  pam_winbind.so
Also add the option use_first_pass to the pam_unix.so line

Add this line before pam_unix.so:
account sufficient pam_winbind.so

Add these lines before any other session line:
session required pam_mkhomedir.so
session required pam_winbind.so

That gets you logged in but that's about all. The idmapping is all over the place. What you see on DC is not what you get on the clients. . . 
Good Luck