This is definitely not for non-administrators. However, I spent some serious time today trying to track this down, so let me save somebody some time here with this tidbit. It all started when I noticed that some of my users on my OSX Server machine were unable to access private web sites the way they should through authentication.
Knowing that I was using digest passwords and that was going to probably require Shadow Passwords, I knew where to look. Unfortunately, after changing the password type in Workgroup Manager, the problem wasn't fixed. Upon further investigation, the password type had not been changed. What happened and how is this fixed?
Well, it appears that for some reason, Workgroup Manager had logged me in to the /NetInfo/root domain and not /NetInfo/DefaultLocalNode. I'm not quite sure why it did this, and I'm also not quite sure why it's such a problem, since you can see the sam information both ways. However, it was a problem.
By switching to the /NetInfo/DefaultLocalNode, I was able to fix the problem through the obvious means (changing the password type in the Advanced tab).
Thanks to AFP548.com (my favorite OS X Server site) for some background information.