We highly recommend stop using NTLM and migrate the authentication to Kerberos.
Kerberos is a computer network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. It's a safer protocol than NTLM and an open standard developed by MIT available on Windows 4.1 and all onwards versions (Windows 2000 and later uses Kerberos as its default authentication method).
If you want to use Kerberos as authentication system on Liferay, no code changes are needed and it's compatible with version 7.0 and onwards of the Portal.
Here is an available guide on how to implement Kerberos as authentication system using LDAP and Token SSO services.