Well, I think it's not a simple task to connect FreeS/WAN and PGP Net stuff, ain't? Did you made this? I've heard it's not that simple...
With Windows 2000, it's much more easy to connect to FreeS/WAN. But massive IPSec in a LAN is a little big overhead when you only need encrypted passwords :) But this depends on the topology, i.e. if there may be access to the ethernet segment it's difficult to secure it. maybe it's easier to protect the LAN and firewall the access, if possible.
Samba/windows XXXX will do encrypted passwords fine, it's not 100% perfect (the LANMAN hash MS uses is "weak" no salt/etc, but it will stop 99% of attackers dead). IPSec is a bit harsh on the CPU, especially for the servers, however you can get cheap network cards (like intel 10/100 server adaptors for $100 US which do triple des stinky fast) which have crypt chips onboard to accelerate it, Windows and OpenBSD support them, Linux does not however =(. Sigh. And people wonder why I hate every OS on the planet =) They all suck!
oki,
Steffen
-Kurt