samba - Jan 2011 - Windows and Linux account locking with an LDAP backend

I thought I would ask here to see if anyone has had a similar situation and a
solution.

We've got a SunOne Directory Server set up to authenticate our users on
Linux. To get shared authentication with Windows, we set up Samba (2.0.33 as
ships with CentOS 5) and the smbldap-tools.

What we need to do is get account locking to work across the board...such that
if a user fails 5 times on a Windows machine, they will be locked out on the
Linux systems as well....and vice versa.

Here's what I'm seeing:

On windows, failing authentication updates the "Bad Password Count" in
Samba, additionally it adds a "pwdfailuretime" to the LDAP server.
This is good, and is what we would like to see.

Fail 2, similar
Fail 3, similar
Fail 4, similar

On Fail 5, what seems to be happening is that the LDAP server puts in its 5th
pwdfailuretime item, thereby locking the account, and essentially preventing
Windows/samba from updating the final sambabadpasswordcount number....so Windows
is eternally stuck at 4 failures. Entering a bad password on the Windows side
says "There is a problem with the account", but entering the correct
password lets the user right in.

That's problem one. I can clarify any of this if needed.

The other thing we want to be able to do is that if a user fails 5 times on
Linux that it will lock out the Windows accounts. Any idea how to do that?

Thanks for any hints or conversations we can start about this. :)