When a Smart card, which uses the Extensible Authentication Protocol (EAP) / Transport Layer Security (TLS), submits invalid credentials, account lockout is never invoked, and the account does NOT get locked out?

When other logon types use invalid credentials, and trip the Account Lockout policy, they do get locked out.