Enabling Fips on CentOS can cause Samba mounts to fail with "cifs could not crypto alloc hmacmd5 mc".
You need to update to the latest Samba which supports fips mode. Also try to mount the share via Kerberos/keytab file instead of usernmae/password:
yum install krb5-workstation Use ktutil to create a kerberos keytab fileaddent -password -p username@DOMAIN.COM -k 1 -e RC4-HMAC
ktutil
ktutil:
ktutil: wkt username.keytabcall
ktutil rkt /etc/krb5.keytab
kinit username@DOMAIN.COM -k -t /home/username/username.keytab
Add entry to /etc/fstab
//cifs-server/Share$/share /mount-point cifs _netdev,username=username@DOMAIN.COM,sec=krb5,dir_mode=0755,file_mode=0755,uid=username,gid=username 0 0
# Put into your cron job
kinit -kt /home/username/username.keytab username@DOMAIN.COM
https://centrify.force.com/support/Article/KB-18311-How-to-mount-a-CIFS-share-from-Linux-using-Kerberos/
2. In the directory /etc/request-key.d, create the file cifs.spnego.conf if it does not already exist. Then add the following line
create cifs.spnego * * /usr/sbin/cifs.upcall %k
3. In the directory /etc/request-key.d, create the file dns_resolver.conf if it does not already exist. Then add the following line
create dns_resolver * * /usr/sbin/cifs.upcall %k
4. Confirm a kerberos credential exists with command klist. The output here shows a valid Kerberos credential
csssup-suse12:/etc/request-key.d # klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: csssup-suse12$@RESOURCE.CENTRIFY.LAB
Valid starting Expires Service principal
07/31/19 15:33:35 08/01/19 01:33:35 krbtgt/RESOURCE.CENTRIFY.LAB@RESOURCE.CENTRIFY.LAB
renew until 08/01/19 15:33:36
5. Mount the directory
mount -t cifs -o sec=krb5 //<winserverFQDN>/<shareDrive> /<mountPoint>