If I’m not mistaken, ZS can proxy requests to external RADIUS server only for authentificating WPA clients, not system accounts. ZS users authentificate against local kerberos server.
From documentation:
Thanks to the use of Kerberos 5, Zeroshell can establish trust relationships with other realms (these are what the authentication domains in Kerberos 5 are called) and allow users in a domain to access the resources and services of another domain.
But I’m afraid Microtik doesn’t provide kerberos functionality.