Hello,
I have Active Directory with “Admin” and “Support” groups.
I want to give Full rights to RB management for all users in “Admin” group, and Read-only rights for all users in “Support” group.
This must already be supported via RADIUS.
Use Mikrotik-Group RADIUS attribute for access rights assignment.
I do not have Radius and do not plan to install it.
Add NPS (previously IAS) role to your AD. It implements RADIUS, which is one of the industry standard ways for AAA integration.
Implementing Kerberos on a router for the purpose of authenticating admins and support engineers sounds quite pointless, IMO.
Anyways, you may have reasons to ask for Kerberos integration (single sign-on, for instance), but please be more specific next time you are asking for a new feature, since AD integration is apparently already supported via RADIUS.