I have a working ADS config (derived) from the dokuwiki wiki:
local.protected.php wrote
$conf['auth']['ldap']['server'] = 'subdomain.domain.tld';
$conf['auth']['ldap']['binddn'] = '%{user}@%{server}';
$conf['auth']['ldap']['usertree'] = 'cn=Users,dc=subdomain,dc=domain,dc=tld';
$conf['auth']['ldap']['userfilter'] = '(userPrincipalName=%{user}@%{server})';
$conf['auth']['ldap']['mapping']['name'] = 'displayname';
$conf['auth']['ldap']['mapping']['grps'] = array('memberof' => '/CN=(.+?),/i');
But I can't say anything to a native Kerberos plugin.
BlackFog