To clarify, there is no option to enable authentication in the mapping section of your option profile. This is because mapping is strictly a mechinism by which to identify potential scan targets for vulnerability assessment.
What's likely happening with regard to the misidentification, is that there's a Linux device (firewall, router, etc) in front of the target that's actually responding on behalf of the target. One test that you might try is pinging the target from a host on the same subnet as the QualysGuard appliance. My guess is that the TTL returned will likely be around 64 or 255 -- default TTL values for Linux stacks -- vs the expected 128 for Windows stacks.
Hope this helps,