diff --git a/auth/ldap/auth.php b/auth/ldap/auth.php
index dd05be6..ae27b41 100644
--- a/auth/ldap/auth.php
+++ b/auth/ldap/auth.php
@@ -1850,8 +1850,10 @@ class auth_plugin_ldap extends auth_plugin_base {
  
         if (($_SERVER['REQUEST_METHOD'] === 'GET'         // Only on initial GET of loginpage
                 || ($_SERVER['REQUEST_METHOD'] === 'POST'
-                   && (get_referer() != strip_querystring(qualified_me()))))
+                    && empty($_POST['authldap_skipntlmsso'])
+                    && (get_referer() != strip_querystring(qualified_me()))))
                                                            // Or when POSTed from another place
+                                                           // and actually want NTLM SSO
                                                            // See MDL-14071
            && !empty($this->config->ntlmsso_enabled)     // SSO enabled
            && !empty($this->config->ntlmsso_subnet)      // have a subnet to test for
diff --git a/blocks/login/block_login.php b/blocks/login/block_login.php
index d203c4b..02e672d 100644
--- a/blocks/login/block_login.php
+++ b/blocks/login/block_login.php
@@ -53,6 +53,15 @@ class block_login extends block_base {
 
             $this->content->text .= '<div class="c1 btn"><input type="submit" value="'.get_string('login').'" /></div>';
 
+            // We don't want NTLM SSO from here (See MDL-14071)
+            if (is_enabled_auth('ldap')) {
+                $ldapauth = get_auth_plugin('ldap');
+                if ($ldapauth->config->ntlmsso_enabled) {
+                    $this->content->text .= '<input type="hidden" name="authldap_skipntlmsso" value="1" />';
+                }
+                unset($ldapauth);
+            }
+
             $this->content->text .= "</form>\n";
 
             if (!empty($signup)) {