KeyCloak 23.x / 24.x - Unable to basic auth (user/pwd) with LDAP (MS AD) user

Hi there,
this is my first thread here in this forum and I have already been searching for a couple of days for the following issue.

We have been using Keycloak for a long time already. Because our production environment is quite old, we want to do a fresh installation. Current production is Keycloak version 8.x and the old test environment is 9.x.

With the old Keycloak versions, we are able to do a basic authentication via Postman. (GrantType=password, Username=AD-User, Password=AD-Password, Client without secret > public configuration. Client authentication is “Basic Auth header”).

If we try to do the same with the current versions (Keycloak 23.x and 24.x) we always get the following warning message in the logs.

2024-03-15 14:52:11,742 WARN [org.keycloak.events] (executor-thread-107) type=LOGIN_ERROR, realmId=dde3260b-yyyy-xxxx-9603-123456febc, clientId=test, userId=f0329d74-1234-5647-12345-9902738f0861, ipAddress=10.10.10.22, error=invalid_user_credentials, auth_method=openid-connect, grant_type=password, client_auth_method=client-secret, username=AD-User

If we change the user / pwd to a local user, we are able to get an access_token.

Do you have any ideas where our problem could be?
The sync of the users / groups from the MS AD works well, and without any problems.

In my opinion, there has to be an issue with the communication between Keycloak and Kerberos.
The keytab file we use is working properly. Tested this on the command line of the server.
We are really lost as to where the problem / issue could be.
Does someone else have a similar setup and is able to do a basic auth with an MS AD user and get an access token?

Any hints / suggestions are very welcome / appreciated!

T0m
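
Added example, not part of the original post: a small Python triage script that parses `org.keycloak.events` lines like the warning quoted above and counts password-grant outcomes per username, to confirm from the logs which accounts fail and with which error. The second sample line (a successful login for a local user), its userId, and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Sample input. Line 1 is the warning quoted in the post; line 2 is a
# CONSTRUCTED success event for a local user (made up for this example).
SAMPLE_LOG = """\
2024-03-15 14:52:11,742 WARN [org.keycloak.events] (executor-thread-107) type=LOGIN_ERROR, realmId=dde3260b-yyyy-xxxx-9603-123456febc, clientId=test, userId=f0329d74-1234-5647-12345-9902738f0861, ipAddress=10.10.10.22, error=invalid_user_credentials, auth_method=openid-connect, grant_type=password, client_auth_method=client-secret, username=AD-User
2024-03-15 14:53:02,118 DEBUG [org.keycloak.events] (executor-thread-108) type=LOGIN, realmId=dde3260b-yyyy-xxxx-9603-123456febc, clientId=test, userId=00000000-0000-0000-0000-000000000000, ipAddress=10.10.10.22, auth_method=openid-connect, grant_type=password, client_auth_method=client-secret, username=local-user
"""

# Prefix: timestamp, level, logger name, thread; the rest is key=value pairs.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\s+(?P<level>\w+)\s+"
    r"\[org\.keycloak\.events\]\s+\((?P<thread>[^)]*)\)\s+(?P<fields>.*)$"
)
# A value runs until the next ", key=" or end of line, so values that
# themselves contain commas are not cut short.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")


def parse_event(line):
    """Return the event as a dict, or None if the line is not an event line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = dict(FIELD_RE.findall(m.group("fields")))
    event["timestamp"] = m.group("ts")
    event["level"] = m.group("level")
    return event


def summarize_password_grants(log_text):
    """Per username, count outcomes ("ok" or the error code) for grant_type=password."""
    summary = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        ev = parse_event(line)
        if not ev or ev.get("grant_type") != "password":
            continue
        failed = ev.get("type", "").endswith("_ERROR")
        outcome = ev.get("error", "unknown_error") if failed else "ok"
        summary[ev.get("username", "?")][outcome] += 1
    return {user: dict(counts) for user, counts in summary.items()}


if __name__ == "__main__":
    for user, counts in summarize_password_grants(SAMPLE_LOG).items():
        print(user, counts)
```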