Explicit Proxy with Kerberos auth not working
Hello good people!
For a few days I've been trying to configure the proxy on a Fortigate 500E with FortiOS 6.0.3, with no luck so far.
I have a straightforward configuration:
config authentication scheme
    edit "Kerberos"
        set method negotiate
        set negotiate-ntlm disable
config authentication rule
    edit "Kerberos"
        set srcaddr "all"
        set ip-based disable
        set active-auth-method "Kerberos"
        set web-auth-cookie enable
    next
user krb-keytab is configured with principal, ldap-server and keytab.
For the proxy rule I have as source the entire 192.168.0.0/16 network, the corresponding AD group from the LDAP server, and all services.
Once I test the connection, all browsers immediately pop up a prompt asking for user and pass, and if I run diagnose debug application fnbamd -1 I don't see any LDAP query attempts, nor do I see any failed authentications in the logs. When I check with Wireshark I see only NTLMSSP_NEGOTIATE packets flowing. I'm wondering what may be wrong here and how to troubleshoot it on the Fortigate, such as debug commands or a log view, to see why this is failing.
Any suggestions will be much appreciated.
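To confirm from a capture which mechanism a browser actually offered to the proxy, the token in the Proxy-Authorization header can be decoded and classified. The script below is an added example, not part of the original post or of any Fortinet tooling; the function name classify and the sample tokens are constructed for illustration.

```python
import base64
import struct

NTLMSSP_SIG = b"NTLMSSP\x00"
NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}
# DER-encoded mechanism OIDs (tag 0x06, length, value).
OID_SPNEGO = bytes.fromhex("06062b0601050502")            # 1.3.6.1.5.5.2
MECH_OIDS = {
    bytes.fromhex("06092a864882f712010202"): "kerberos",  # 1.2.840.48018.1.2.2 (MS)
    bytes.fromhex("06092a864886f712010202"): "kerberos",  # 1.2.840.113554.1.2.2
    bytes.fromhex("060a2b06010401823702020a"): "ntlm",    # 1.3.6.1.4.1.311.2.2.10
}

def classify(header_value):
    """Return (mechanism, detail) for a Proxy-Authorization header value."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() not in ("negotiate", "ntlm"):
        return ("other", scheme)
    try:
        blob = base64.b64decode(token.strip(), validate=True)
    except ValueError:
        return ("invalid", "token is not base64")
    if blob.startswith(NTLMSSP_SIG) and len(blob) >= 12:
        # Raw NTLM: a little-endian message type follows the 8-byte signature.
        (msg_type,) = struct.unpack_from("<I", blob, 8)
        return ("ntlm", "NTLMSSP_" + NTLM_TYPES.get(msg_type, "UNKNOWN"))
    if blob[:1] == b"\x60":
        # GSS-API token. Byte scan, not a DER parser: the mechanism OID found
        # first is the one the client prefers (mechTypes precede mechToken).
        hits = sorted((blob.find(oid), name) for oid, name in MECH_OIDS.items() if oid in blob)
        if hits:
            wrapper = "SPNEGO" if OID_SPNEGO in blob[:16] else "raw GSS-API"
            return (hits[0][1], wrapper)
    return ("unknown", "unrecognised token")

def _hdr(blob):
    return "Negotiate " + base64.b64encode(blob).decode()

# Constructed samples, not captured traffic.
SAMPLES = {
    # NTLM type 1 message with zeroed flags
    "ntlm": _hdr(NTLMSSP_SIG + struct.pack("<II", 1, 0)),
    # SPNEGO NegTokenInit carrying only a mechTypes list (no mechToken)
    "spnego": _hdr(b"\x60\x32" + OID_SPNEGO + b"\xa0\x28\x30\x26\xa0\x24\x30\x22" + b"".join(MECH_OIDS)),
}

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(name, classify(header))
```

A result of ("ntlm", "NTLMSSP_NEGOTIATE") on a Negotiate header matches what Wireshark labels NTLMSSP_NEGOTIATE: the client sent an NTLM token rather than a Kerberos one.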
