WSS 3.0 doesn't have single sign-on support. That's only in MOSS 2007.

I doubt if that in any case is the problem. I suspect there is something on
that page (an image: a web part) that they don't have rights to access and
therefore they are being asked for a "better" authentication.

I'm assuming that it knows these users are domainname\username because you
are either in the Intranet and have default IE settings or you have
specified automatic logon with existing logon name and password in they are
in another security zone.

Mike Walsh
WSS FAQ http://www.wssfaq.com
No private e-mail please.