When you use "Net Use" to map drives in the login script to Microsoft shares only, it passes Username, not Domain/Username. This presents an issue to users/establishments who do not join an Active Directory domain but are members of workgroups with accounts in AD.
I noticed that on the PDC/BDC's this was not an issue, as it would check the username against AD. However, member servers would check locally then stop.
In the login script where you would have
#net use u: \\server\share
you need to change it to:
#net use u: \\server\share /USER:Domain\%LOGIN_NAME
This prefixes your domain name to any requests for services, and the member server then checks your authentication against the domain.
I hope this helps others, as this simple fix took me a while to muster!