We are trying to use only kerberos, anyway for some applications we still need NTLM. ntlm_auth is only intended to be used by other programs (Squid,mod_ntlm_winbind) but is useful to check when the authentication is working fine using the command line.
To check if an user can be authenticated with NTLM we can use:
/usr/bin/ntlm_auth –username=<username> –domain=<domain> && echo authenticated || echo failure
