diff --git a/roles/samba-dc/files/relabel-winbindd.conf b/roles/samba-dc/files/relabel-winbindd.conf
deleted file mode 100644
index bd7bba7..0000000
--- a/roles/samba-dc/files/relabel-winbindd.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-# Fedora does not yet have a SELinux policy for the Samba AD DC process,
-# so it runs as unconfined_service_t. This causes all of its child
-# processes to run there as well, which prevents they create from being
-# labelled correctly. This is particularly problematic for winbindd, as
-# several outside processes need to communicate with it for identity
-# mapping, etc., so its socket absolutely must have the right label.
-#
-# To work around this problem, restorecon is run after samba starts up
-# to set the correct label on the winbindd socket directory.
-
-[Service]
-ExecStartPost=/usr/sbin/restorecon -RFv /run/samba/winbindd
diff --git a/roles/samba-dc/tasks/main.yml b/roles/samba-dc/tasks/main.yml
index 9e5bc9a..aa115cc 100644
--- a/roles/samba-dc/tasks/main.yml
+++ b/roles/samba-dc/tasks/main.yml
@@ -74,14 +74,6 @@ path=/etc/systemd/system/samba.service.d mode=0755 state=directory -- name: ensure samba4/winbind selinux work-around is in place - copy: - src=relabel-winbindd.conf - dest=/etc/systemd/system/samba.service.d/relabel-winbindd.conf - mode=0644 - notify: - - reload systemd - - restart samba - name: ensure samba starts at boot service: