“create mobile account at login” preventing AD accounts from logging in for the first time

i'm going through the long bombich 'leveraging AD on mac os x" pdf. i've bound a client to both OD and AD. i was able to login using two different AD accounts and it created their home folder locally on the laptop. managed preferences works too. i then went into Directory Utility and checked the box for "create mobile account at login". then at the login window i tried to login as a 3rd user that hasn't logged in before. it seems to accept the name and password, the screen flashes blue, then quickly goes back to the login window. i couldn't figure out why... so i unchecked "create mobile account at login"... and it worked. what might i be misunderstanding about this? thanks!