I've logged in to my system using pam_winbind, and automatic NTLM authentication is working for Firefox, Evolution, everything that uses libsoup, etc.
It works by invoking /usr/bin/ntlm_auth to handle the NTLM challenge/responses for me.
However, it doesn't seem to work with pidgin-sipe. Pidgin demands to be given the password, without even trying /usr/bin/ntlm_auth.
There's a sample ntlm_auth implementation at http://david.woodhou.se/ntlm_auth_v2.c which you can build with -DTEST_HACK and drop into place for testing purposes, without actually having to have winbind set up (although winbind can be prodded with the right info with 'wbinfo -K $DOMAINUSERNAME' too, which is easier than actually configuring the local PAM stack to use it).