Every Microsoft Active Directory domain controller acts as KDC Kerberos 5 for users and services authentication. Therefore you just have to:
1) Configure Zeroshell to contact al least a domain controller for the authentication by adding the realm kerberos 5 (it’s the same of the AD domain) and the IP of the server in the section [Kerberos 5][Realms]
2) Add in the [Captive Portal][Authentication] the AD Domain as [Authorized Domains] using external Kerberos 5 KDC
Notice that the first step is useless if you use DNS KDC auto discovery.
Also this is easy to get because every domain controller is an authoritative DNS for the AD domain. Hence you just have to add at least a domain controller as DNS Forwarder of Zeroshell (section [DNS][Forwarders]. In the section [Kerberos 5][Realm] put to yes the “Use the DNS to discovery Realms and KDC servers not configured “.
Regards
Fulvio Ricciardi