Cannot mount CIFS shares

Cannot mount CIFS shares on RHEL hardware with FIPS. RHEL compute nodes cannot mount CIFS shares to create instances from ISO, and RHEL storage nodes cannot mount CIFS shares to import virtual machines (VMs) to templates.

When FIPS mode is enabled, the use of md4 and md5 are disabled, which prevents users from using NTLM, NTLMv2 or NTLMSSP authentication. Also, signing cannot be used since it requires md5. Any CIFS mount that uses these methods break when FIPS mode is enabled.

To disable and enable FIPS, follow these steps:

  1. Log onto the compute and storage nodes via a console or SSH connection.
  2. Check if FIPS is enabled by executing the following command:

    cat /proc/sys/crypto/fips_enabled

    If it is set to 1, then FIPS is enabled and CIFS mounts result in failure. If it is set to 0, then FIPS is disabled and CIFS mounts result in success.

  3. To configure FIPS, execute the following commands:
    1. To enable FIPS, execute:

      grubby --update-kernel=ALL --remove-args=fips=1sed -i 's/ fips=1//' /etc/default/grub

    2. To disable FIPS, execute:

      grubby --update-kernel=ALL --args=fips=1sed -i 's/\<boot\>/fips=1 &/' /etc/default/grub

  4. Reload the node.