3 files changed, 4 insertions, 35 deletions

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 0dab05b97c..1f00e22a3c 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -710,8 +710,6 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info)
 	NTSTATUS status;
 	size_t i;
 	struct dom_sid tmp_sid;
-	const char *name_to_use;
-	bool force_nss;
 
 	/*
 	 * If winbind is not around, we can not make much use of the SIDs the
@@ -719,22 +717,11 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info)
 	 * mapped to some local unix user.
 	 */
 
-	DEBUG(10, ("creating token for %s (SAM: %s)\n", server_info->unix_name,
-		server_info->sam_account->username));
-
-	force_nss = lp_force_username_map() && !server_info->nss_token;
 	if (((lp_server_role() == ROLE_DOMAIN_MEMBER) && !winbind_ping()) ||
-	    server_info->nss_token || force_nss) {
-		if (force_nss)
-			name_to_use =
-			    pdb_get_username(server_info->sam_account);
-		else
-			name_to_use = server_info->unix_name;
-
+	    (server_info->nss_token)) {
 		status = create_token_from_username(server_info,
-						    name_to_use,
+						    server_info->unix_name,
 						    server_info->guest,
-						    force_nss,
 						    &server_info->utok.uid,
 						    &server_info->utok.gid,
 						    &server_info->unix_name,
@@ -839,7 +826,6 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info)
 
 NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
 				    bool is_guest,
-				    bool force_nss,
 				    uid_t *uid, gid_t *gid,
 				    char **found_username,
 				    struct nt_user_token **token)
@@ -855,9 +841,6 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
 	size_t num_gids;
 	size_t i;
 
-	DEBUG(10, ("creating token for %s,%s guest,%s forcing NSS lookup\n",
-		username, is_guest ? "" : " not", force_nss ? "" : " not"));
-
 	tmp_ctx = talloc_new(NULL);
 	if (tmp_ctx == NULL) {
 		DEBUG(0, ("talloc_new failed\n"));
@@ -882,7 +865,7 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
 		goto done;
 	}
 
-	if (sid_check_is_in_our_domain(&user_sid) && !force_nss) {
+	if (sid_check_is_in_our_domain(&user_sid)) {
 		bool ret;
 
 		/* This is a passdb user, so ask passdb */
@@ -924,7 +907,7 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
 		*found_username = talloc_strdup(mem_ctx,
 						pdb_get_username(sam_acct));
 
-	} else 	if (force_nss || sid_check_is_in_unix_users(&user_sid)) {
+	} else 	if (sid_check_is_in_unix_users(&user_sid)) {
 
 		/* This is a unix user not in passdb. We need to ask nss
 		 * directly, without consulting passdb */
@@ -1080,7 +1063,6 @@ bool user_in_group_sid(const char *username, const DOM_SID *group_sid)
 	}
 
 	status = create_token_from_username(mem_ctx, username, False,
-					    lp_force_username_map(),
 					    &uid, &gid, &found_username,
 					    &token);
 
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 587bb29042..9dc9719e48 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -110,7 +110,6 @@ NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info,
 NTSTATUS create_local_token(auth_serversupplied_info *server_info);
 NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
 				    bool is_guest,
-				    bool force_nss,
 				    uid_t *uid, gid_t *gid,
 				    char **found_username,
 				    struct nt_user_token **token);
@@ -3971,7 +3970,6 @@ const char *lp_afs_username_map(void);
 int lp_afs_token_lifetime(void);
 char *lp_log_nt_token_command(void);
 char *lp_username_map(void);
-bool lp_force_username_map(void);
 const char *lp_logon_script(void);
 const char *lp_logon_path(void);
 const char *lp_logon_drive(void);
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 3d29f3afd9..e50ab929ad 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -144,7 +144,6 @@ struct global {
 	int iAfsTokenLifetime;
 	char *szLogNtTokenCommand;
 	char *szUsernameMap;
-	bool bForceUsernameMap;
 	char *szLogonScript;
 	char *szLogonPath;
 	char *szLogonDrive;
@@ -1283,15 +1282,6 @@ static struct parm_struct parm_table[] = {
 		.flags		= FLAG_ADVANCED,
 	},
 	{
-		.label		= "force username map",
-		.type		= P_BOOL,
-		.p_class	= P_GLOBAL,
-		.ptr		= &Globals.bForceUsernameMap,
-		.special	= NULL,
-		.enum_list	= NULL,
-		.flags		= FLAG_ADVANCED,
-	},
-	{
 		.label		= "password level",
 		.type		= P_INTEGER,
 		.p_class	= P_GLOBAL,
@@ -5246,7 +5236,6 @@ FN_GLOBAL_CONST_STRING(lp_afs_username_map, &Globals.szAfsUsernameMap)
 FN_GLOBAL_INTEGER(lp_afs_token_lifetime, &Globals.iAfsTokenLifetime)
 FN_GLOBAL_STRING(lp_log_nt_token_command, &Globals.szLogNtTokenCommand)
 FN_GLOBAL_STRING(lp_username_map, &Globals.szUsernameMap)
-FN_GLOBAL_BOOL(lp_force_username_map, &Globals.bForceUsernameMap)
 FN_GLOBAL_CONST_STRING(lp_logon_script, &Globals.szLogonScript)
 FN_GLOBAL_CONST_STRING(lp_logon_path, &Globals.szLogonPath)
 FN_GLOBAL_CONST_STRING(lp_logon_drive, &Globals.szLogonDrive)