Configure the NTLM authenticator com.sibvisions.apps.auth.NtlmAuthenticator as described here.

Be sure that you use com.sibvisions.rad.server.security.NtlmDBSecurityManager as security manager. The configuration is described here.

Add additional parameters to your config.xml

<ntlm>
  <init-param>
    <param-name>jcifs.http.domainController</param-name>
    <param-value>domain.sibvisions.net</param-value>
  </init-param>
  <init-param>
    <param-name>jcifs.smb.client.domain</param-name>
    <param-value>DOMAIN.SIBVISIONS.NET</param-value>
  </init-param>    
  <init-param>
    <param-name>jcifs.smb.client.responseTimeout</param-name>
    <param-value>4000</param-value>
  </init-param>
  <init-param>
    <param-name>jcifs.smb.client.soTimeout</param-name>
    <param-value>4000</param-value>
  </init-param>
  <init-param>
    <param-name>jcifs.util.loglevel</param-name>
    <param-value>4</param-value>
  </init-param>
</ntlm>

All JCIFS parameters are allowed.

If you start your application in a browser, be sure to map:

<servlet>
  <servlet-name>NtlmHandler</servlet-name>
  <display-name>Servlet based ntlm authentication</display-name>
  <servlet-class>com.sibvisions.apps.server.http.NtlmHandler</servlet-class>
</servlet>
 
<servlet-mapping>
  <servlet-name>NtlmHandler</servlet-name>
  <url-pattern>/auth/Ntlm</url-pattern>
</servlet-mapping>

in your web.xml.

The authentication was successfully tested with WinXP, Vista, Win7, Win8 - Java5, 6, 7. It's not needed to change your local security policies because NTLMv1 and NTLMv2 work.