As Sergey has indicated, you should make sure that you have the Demo LDAP Server running.
You can also check the Knox audit log to determine whether the 401 is coming from the Knox authentication step or from the backend service itself. {gateway_home}/logs/gateway-audit.log.
If it is coming from the backend service itself then you will need to ensure the following are true for a kerberos secured environment:
1. You are able to use the backend service directly without going through Knox
2. That “guest” is a unix user on the host/s running the backend service and that it is a member of the “users” group.
3. That Knox is configured as a trusted proxy for the relevant backend service.
You can likely find telling information in the log of the backend service as well.
HTH.