Right now the loginpage_hook() of the NTLM SSO authentication only redirects the user to the NTLM machinery when the login page is requested via GET, to avoid a loop when processing the login form (if the NTLM SSO failed, and Moodle fell back to the standard login).
But it seems the login page gets requested via POST from other places as well. For example when we use notice_yesno() to ask for a full user account login (see http://moodle.org/mod/forum/discuss.php?d=93390). So the loginpage_hook() doesn't trigger the NTLM SSO machinery, even if it should. We need to trigger it for GET requests or POST requests coming from other pages (but not self).
In addition to that, we were not storing the Referer in $SESSION->wantsurl if there was one, so we never returned to the right place in those cases.
The attached patch fixes both issues, but I'd like some people to review it before commiting it to CVS.