My guess is that the DES only checkbox is checked in your AD
configuration for the service account used by the Apache server. If you
clear that checkbox and generate a keytab including both RC4 and DES
keys then I suspect allow_weak_crypto will not be needed.
I'm sorry, but I do not have instructions for generating an RC4 keytab
off the top of my head.
My guess is that the DES only checkbox is checked in your AD
configuration for the service account used by the Apache server. If you
clear that checkbox and generate a keytab including both RC4 and DES
keys then I suspect allow_weak_crypto will not be needed.
I'm sorry, but I do not have instructions for generating an RC4 keytab
off the top of my head.
--Sam