Active Directory issues

Hi; I've been trying on and off for about a year to get AD and my XServe integrated. Basically it's just a CIFS file/web server (currently running as OD master, though it probably shouldn't be). Windows users from my AD domain regularly use the file shares, and I thought it'd be terribly useful if they could use their Windows logons instead of setting up a separate account. As it is, they have duplicate accounts on the XServe and it's a common problem, especially for VPN users, that it will simply forget their password and they will have to manually remap their network drives, which is a pain. What I have at the moment is a shambolic state where I'm half-integrated into an AD - I'll worry about cleaning it up in due course. The current problem I'm having, and would dearly like to solve, is this: - I create a new file share on the XServe, for testing - In Workgroup Manager, I pick a user from the Active Directory and give them ACE permissions - Using my Windows laptop, which is *not* on the domain, I successfully map a network drive on the XServe: say I map X: to \\Xserve\testfolder, using the logon ADDOMAIN\testuser - If I try to map it on a computer that *is* connected to the domain, it fails. It will not accept the username/password, and just pops up an error message again. - If I log off the domain computer and log back on as a local user rather than a domain user, it succeeds. I've tried looking all over Microsoft's support pages but I can't find anything (hard to figure out the keywords). A little lightbulb came on that suggested it was a group policy issue - the GPOs apply when the domain account is logged on, but not when I'm a local user. I am assuming that there is a GPO relating to authentication methods, or encrypted connections, or something of that order, which is causing my logons to be rejected when I am on a domain computer (of course, I may be way off). Please please please, does anyone know what it could be?