Execute the following pre-requisites before enabling the NICI FIPS to make NDS login work:
Create - PBKDF2 (Password-Based Key Derivation Function 2) password policy. For more information see Understanding Non-Reversible Password Storage. Then, assign PBKDF2 password policy to all the users.
Set SCRAM as default login sequence. For more information see Password Authentication.
Once PBKDF2 policy is assigned, it is recommended that all the users must change their passwords, before enabling FIPS in NICI.
Enable NICI FIPS once the password of all the users are changed. To enable NICI in FIPS mode, see Using NICI for Configuring System-Level FIPS Mode.