What is the security style of the volume? ("qtree status" will show this)
Who are the users trying to access the files?
What do you get for "options wafl"?
Set "options cifs.trace_login on" and try to access from both VMWare and Windows. What does the output show? (turn it back off when you're done)