diff --git a/source/include/rpc_secdes.h b/source/include/rpc_secdes.h
index 649e806..bf5b85f 100644
--- a/source/include/rpc_secdes.h
+++ b/source/include/rpc_secdes.h
@@ -224,7 +224,7 @@ struct standard_mapping {
 #define SA_RIGHT_SAM_INITIALISE_SERVER	0x00000004
 #define SA_RIGHT_SAM_CREATE_DOMAIN	0x00000008
 #define SA_RIGHT_SAM_ENUM_DOMAINS	0x00000010
-#define SA_RIGHT_SAM_OPEN_DOMAIN	0x00000020
+#define SA_RIGHT_SAM_LOOKUP_DOMAIN	0x00000020
 
 #define SA_RIGHT_SAM_ALL_ACCESS		0x0000003F
 
@@ -244,7 +244,7 @@ struct standard_mapping {
 
 #define GENERIC_RIGHTS_SAM_EXECUTE \
 		(STANDARD_RIGHTS_EXECUTE_ACCESS	| \
-		SA_RIGHT_SAM_OPEN_DOMAIN	| \
+		SA_RIGHT_SAM_LOOKUP_DOMAIN	| \
 		SA_RIGHT_SAM_CONNECT_SERVER)            
 
 
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index 6e37ea5..f14c53b 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -620,13 +620,6 @@ NTSTATUS _samr_OpenDomain(pipes_struct *p,
 	if ( !find_policy_by_hnd(p, r->in.connect_handle, (void**)(void *)&info) )
 		return NT_STATUS_INVALID_HANDLE;
 
-	status = access_check_samr_function(info->acc_granted,
-					    SA_RIGHT_SAM_OPEN_DOMAIN,
-					    "_samr_OpenDomain" );
-
-	if ( !NT_STATUS_IS_OK(status) )
-		return status;
-
 	/*check if access can be granted as requested by client. */
 	map_max_allowed_access(p->pipe_user.nt_user_token, &des_access);
 
@@ -2957,7 +2950,7 @@ NTSTATUS _samr_QueryDomainInfo(pipes_struct *p,
 	}
 
 	status = access_check_samr_function(info->acc_granted,
-					    SA_RIGHT_SAM_OPEN_DOMAIN,
+					    SA_RIGHT_SAM_LOOKUP_DOMAIN,
 					    "_samr_QueryDomainInfo" );
 
 	if ( !NT_STATUS_IS_OK(status) )
@@ -3357,7 +3350,7 @@ NTSTATUS _samr_Connect(pipes_struct *p,
 	map_max_allowed_access(p->pipe_user.nt_user_token, &des_access);
 
 	se_map_generic( &des_access, &sam_generic_mapping );
-	info->acc_granted = des_access & (SA_RIGHT_SAM_ENUM_DOMAINS|SA_RIGHT_SAM_OPEN_DOMAIN);
+	info->acc_granted = des_access & (SA_RIGHT_SAM_ENUM_DOMAINS|SA_RIGHT_SAM_LOOKUP_DOMAIN);
 
 	/* get a (unique) handle.  open a policy on it. */
 	if (!create_policy_hnd(p, r->out.connect_handle, free_samr_info, (void *)info))
@@ -3544,7 +3537,7 @@ NTSTATUS _samr_LookupDomain(pipes_struct *p,
 	   Reverted that change so we will work with RAS servers again */
 
 	status = access_check_samr_function(info->acc_granted,
-					    SA_RIGHT_SAM_OPEN_DOMAIN,
+					    SA_RIGHT_SAM_LOOKUP_DOMAIN,
 					    "_samr_LookupDomain");
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
diff --git a/source/utils/net_rpc.c b/source/utils/net_rpc.c
index 0476394..1eaa1c6 100644
--- a/source/utils/net_rpc.c
+++ b/source/utils/net_rpc.c
@@ -6280,7 +6280,7 @@ static int rpc_trustdom_list(int argc, const char **argv)
 	/* SamrConnect2 */
 	nt_status = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
 					 pipe_hnd->cli->desthost,
-					 SA_RIGHT_SAM_OPEN_DOMAIN,
+					 SA_RIGHT_SAM_LOOKUP_DOMAIN,
 					 &connect_hnd);
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n",