No caching of AD user permissions when not connected to domain

Hi all. I have just started testing and rolling out a couple of fully patched Leopard machines that are authenticating to AD with no problems at all. Binding works fine, seamless login to SMB shares, almost too easy! I have encountered one major headache and that is for users with mobile accounts on their laptops when not attached to the domain, whilst AD username and password are cached, permissions are lost, so changing any user prefs etc. needs the local admin password. Has anyone got a fix for this?