So tulip is your SQL Server server and your domain controller? If tulip is not a domain controller, then the users and groups setup on it (tulip\CTAP_Professionals) only have a security context within that server, not from the client computers. I'd talk with your network administrator and have the CTAP_Professionals group created in Active Directory in the domain controller, then create the login in SQL Server based on the DC's CTAP_Professionals group instead of the tulip\CTAP_Professionals group.
Not entirely sure how it all works. The Access database files are on a separate server (panda) that also has a group called CTAP_Professionals. Not sure if that is relevant or not. I'll see if my network administrator can shed any light on the issue of whether tulip is a domain controller or not.