Unless the QPR Foundation Server is installed as a service on a system account, one last step is required to configure the NT authentication method. The user account you are using to run QPR Service must have "Act as part of operating system" local security policy rights on the computer where the service is executed. Otherwise it is not possible to use NT authentication in the User Management System.
Note that currently a secure LDAP authentication requiring a client certificate is not supported. However, it is still possible to secure the connection to the LDAP server using SSL.