This is my first bug report, so please be gentle. I am experiencing problems with nss_ldap and found http://forums.gentoo.org/viewtopic-t-466045-highlight-nssldap.html so here I am. So, with all of the attached configurations on my openldap server, and nss_ldap-239-r1, life is good. When I upgrade to nss_ldap-249 I see the following: 1) Starting/restarting slapd takes around 5 minutes. It just hangs forever and eventually comes up. What's interesting is that while it's doing this, I see the following errors: May 30 14:10:32 myserver.mydomain.com slapd[28728]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server May 30 14:10:32 myserver.mydomain.com slapd[28728]: nss_ldap: failed to bind to LDAP server ldaps://127.0.0.1/: Can't contact LDAP server May 30 14:10:32 myserver.mydomain.com slapd[28728]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server May 30 14:10:32 myserver.mydomain.com slapd[28728]: nss_ldap: failed to bind to LDAP server ldaps://127.0.0.1/: Can't contact LDAP server May 30 14:10:32 myserver.mydomain.com slapd[28728]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)... May 30 14:10:36 myserver.mydomain.com slapd[28728]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server May 30 14:10:36 myserver.mydomain.com slapd[28728]: nss_ldap: failed to bind to LDAP server ldaps://127.0.0.1/: Can't contact LDAP server May 30 14:10:36 myserver.mydomain.com slapd[28728]: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)... May 30 14:10:44 myserver.mydomain.com slapd[28728]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server May 30 14:10:44 myserver.mydomain.com slapd[28728]: nss_ldap: failed to bind to LDAP server ldaps://127.0.0.1/: Can't contact LDAP server May 30 14:10:44 myserver.mydomain.com slapd[28728]: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)... May 30 14:11:00 myserver.mydomain.com slapd[28728]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server May 30 14:11:00 myserver.mydomain.com slapd[28728]: nss_ldap: failed to bind to LDAP server ldaps://127.0.0.1/: Can't contact LDAP server May 30 14:11:00 myserver.mydomain.com slapd[28728]: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)... May 30 14:11:32 myserver.mydomain.com slapd[28728]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server May 30 14:11:32 myserver.mydomain.com slapd[28728]: nss_ldap: failed to bind to LDAP server ldaps://127.0.0.1/: Can't contact LDAP server May 30 14:11:32 myserver.mydomain.com slapd[28728]: nss_ldap: reconnecting to LDAP server (sleeping 64 seconds)... May 30 14:12:36 myserver.mydomain.com slapd[28728]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server May 30 14:12:36 myserver.mydomain.com slapd[28728]: nss_ldap: failed to bind to LDAP server ldaps://127.0.0.1/: Can't contact LDAP server May 30 14:12:36 myserver.mydomain.com slapd[28728]: nss_ldap: could not search LDAP server - Server is unavailable So it almost seems like it is some weird loop in that the openldap server, itself, can't start until nss_ldap goes through this cycle twice. Then, eventually, slapd will start up. 2) On all servers that connect back to this ldap server, I see tons of these (depending on which service that is trying to authenticate against the slapd server): May 29 14:15:01 server2.mydomain.com cron[31877]: nss_ldap: failed to bind to LDAP server ldap://myserver: Can't contact LDAP server May 29 14:15:01 server2.mydomain.com cron[31877]: nss_ldap: reconnected to LDAP server ldaps://myserver/ May 30 16:40:51 server3.mydomain.com sshd[30918]: nss_ldap: failed to bind to LDAP server ldap://myserver: Can't contact LDAP server May 30 16:40:51 server3.mydomain.com sshd[30918]: nss_ldap: reconnected to LDAP server ldaps://myserver/ Downgrading to nss_ldap-239-r1 on the server and all client machines fixes all of these symptoms. It's probably important for me to state that I am, by no means, an ldap expert. So, it's quite possible that I have a borked config that was working because previous versions of nss_ldap were forgiving. But, I don't think I'm the only one. I'm starting to see more and more of these reports in the forums. Please let me know if you need more information and I'll do my best to provide it.
Created attachment 87917 [details] All related configs (ldap.conf, sshd.conf, etc)
please remove the port and host entries in your /etc/ldap.conf, leaving only the uri entry: uri ldaps://127.0.0.1/
My ldap.conf is now this: base dc=domain,dc=com suffix "dc=domain,dc=com" uri ldaps://127.0.0.1/ rootbinddn cn=Manager,dc=domain,dc=com pam_password md5 pam_filter objectclass=posixAccount pam_login_attribute uid pam_member_attribute memberuid nss_base_hosts ou=Hosts,dc=domain,dc=com nss_base_passwd dc=domain,dc=com?sub nss_base_shadow dc=domain,dc=com?sub nss_base_group ou=Groups,dc=domain,dc=com?one ssl start_tls ssl on suffix "dc=domain,dc=com" Starting openldap with nss_ldap-249 and this ldap.conf takes roughly 2 1/2 minutes to start up. Here are the errors in my ldap.log file: May 30 18:47:44 myserver.domain.com slapd[20199]: slapd shutdown: waiting for 0 threads to terminate May 30 18:47:44 myserver.domain.com slapd[20199]: slapd stopped. May 30 18:47:45 myserver.domain.com slapd[26630]: @(#) $OpenLDAP: slapd 2.2.28 (May 30 2006 15:25:09) $ root@ultron:/var/tmp/portage/openldap-2.2.28-r3/work/openldap-2.2.28/servers/slapd May 30 18:47:45 myserver.domain.com slapd[26630]: nss_ldap: failed to bind to LDAP server ldaps://127.0.0.1/: Can't contact LDAP server May 30 18:47:45 myserver.domain.com slapd[26630]: nss_ldap: failed to bind to LDAP server ldaps://127.0.0.1/: Can't contact LDAP server May 30 18:47:45 myserver.domain.com slapd[26630]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)... May 30 18:47:49 myserver.domain.com slapd[26630]: nss_ldap: failed to bind to LDAP server ldaps://127.0.0.1/: Can't contact LDAP server May 30 18:47:49 myserver.domain.com slapd[26630]: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)... May 30 18:47:57 myserver.domain.com slapd[26630]: nss_ldap: failed to bind to LDAP server ldaps://127.0.0.1/: Can't contact LDAP server May 30 18:47:57 myserver.domain.com slapd[26630]: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)... May 30 18:48:13 myserver.domain.com slapd[26630]: nss_ldap: failed to bind to LDAP server ldaps://127.0.0.1/: Can't contact LDAP server May 30 18:48:13 myserver.domain.com slapd[26630]: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)... May 30 18:48:45 myserver.domain.com slapd[26630]: nss_ldap: failed to bind to LDAP server ldaps://127.0.0.1/: Can't contact LDAP server May 30 18:48:45 myserver.domain.com slapd[26630]: nss_ldap: reconnecting to LDAP server (sleeping 64 seconds)... May 30 18:49:49 myserver.domain.com slapd[26630]: nss_ldap: failed to bind to LDAP server ldaps://127.0.0.1/: Can't contact LDAP server May 30 18:49:49 myserver.domain.com slapd[26630]: nss_ldap: could not search LDAP server - Server is unavailable May 30 18:49:49 myserver.domain.com slapd[26630]: nss_ldap: failed to bind to LDAP server ldaps://127.0.0.1/: Can't contact LDAP server May 30 18:49:49 myserver.domain.com slapd[26630]: nss_ldap: failed to bind to LDAP server ldaps://127.0.0.1/: Can't contact LDAP server May 30 18:49:49 myserver.domain.com slapd[26630]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)... May 30 18:49:53 myserver.domain.com slapd[26630]: nss_ldap: failed to bind to LDAP server ldaps://127.0.0.1/: Can't contact LDAP server May 30 18:49:53 myserver.domain.com slapd[26630]: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)... May 30 18:50:01 myserver.domain.com slapd[26630]: nss_ldap: failed to bind to LDAP server ldaps://127.0.0.1/: Can't contact LDAP server May 30 18:50:01 myserver.domain.com slapd[26630]: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)... May 30 18:50:17 myserver.domain.com slapd[26630]: nss_ldap: failed to bind to LDAP server ldaps://127.0.0.1/: Can't contact LDAP server May 30 18:50:17 myserver.domain.com slapd[26630]: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)... May 30 18:50:49 myserver.domain.com slapd[26630]: nss_ldap: failed to bind to LDAP server ldaps://127.0.0.1/: Can't contact LDAP server May 30 18:50:49 myserver.domain.com slapd[26630]: nss_ldap: reconnecting to LDAP server (sleeping 64 seconds)... May 30 18:51:53 myserver.domain.com slapd[26630]: nss_ldap: failed to bind to LDAP server ldaps://127.0.0.1/: Can't contact LDAP server May 30 18:51:53 myserver.domain.com slapd[26630]: nss_ldap: could not search LDAP server - Server is unavailable May 30 18:51:53 myserver.domain.com slapd[26658]: slapd starting
ok, so now it's doing even worse. flip the change around, so from your original, you only remove the uri line.
I'm not sure that it was worse. But this time certainly was. It took over 4 minutes to restart slapd with the config like this: host 127.0.0.1 base dc=domain,dc=com suffix "dc=domain,dc=com" rootbinddn cn=Manager,dc=domain,dc=com port 636 pam_password md5 pam_filter objectclass=posixAccount pam_login_attribute uid pam_member_attribute memberuid nss_base_hosts ou=Hosts,dc=domain,dc=com nss_base_passwd dc=domain,dc=com?sub nss_base_shadow dc=domain,dc=com?sub nss_base_group ou=Groups,dc=domain,dc=com?one ssl start_tls ssl on suffix "dc=domain,dc=com" Here are the logs from the restart. May 30 23:14:34 myserver.domain.com slapd[29352]: slapd stopped. May 30 23:14:35 myserver.domain.com slapd[4046]: @(#) $OpenLDAP: slapd 2.2.28 (May 30 2006 15:25:09) $ root@ultron:/var/tmp/portage/openldap-2.2.28-r3/work/openldap-2.2.28/servers/slapd May 30 23:14:35 myserver.domain.com slapd[4046]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server May 30 23:14:35 myserver.domain.com slapd[4046]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server May 30 23:14:35 myserver.domain.com slapd[4046]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)... May 30 23:14:39 myserver.domain.com slapd[4046]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server May 30 23:14:39 myserver.domain.com slapd[4046]: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)... May 30 23:14:47 myserver.domain.com slapd[4046]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server May 30 23:14:47 myserver.domain.com slapd[4046]: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)... May 30 23:15:03 myserver.domain.com slapd[4046]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server May 30 23:15:03 myserver.domain.com slapd[4046]: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)... May 30 23:15:35 myserver.domain.com slapd[4046]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server May 30 23:15:35 myserver.domain.com slapd[4046]: nss_ldap: reconnecting to LDAP server (sleeping 64 seconds)... May 30 23:16:39 myserver.domain.com slapd[4046]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server May 30 23:16:39 myserver.domain.com slapd[4046]: nss_ldap: could not search LDAP server - Server is unavailable May 30 23:16:39 myserver.domain.com slapd[4046]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server May 30 23:16:39 myserver.domain.com slapd[4046]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server May 30 23:16:39 myserver.domain.com slapd[4046]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)... May 30 23:16:43 myserver.domain.com slapd[4046]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server May 30 23:16:43 myserver.domain.com slapd[4046]: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)... May 30 23:16:51 myserver.domain.com slapd[4046]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server May 30 23:16:51 myserver.domain.com slapd[4046]: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)... May 30 23:17:07 myserver.domain.com slapd[4046]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server May 30 23:17:07 myserver.domain.com slapd[4046]: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)... May 30 23:17:39 myserver.domain.com slapd[4046]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server May 30 23:17:39 myserver.domain.com slapd[4046]: nss_ldap: reconnecting to LDAP server (sleeping 64 seconds)... May 30 23:18:43 myserver.domain.com slapd[4046]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server May 30 23:18:43 myserver.domain.com slapd[4046]: nss_ldap: could not search LDAP server - Server is unavailable May 30 23:18:43 myserver.domain.com slapd[4053]: slapd starting
Just to be clear. nss_ldap-239-r1 works with the /etc/ldap.conf file in all three cases. 1) With uri, host and port specified 2) with only uri specified 3) with host and port specified.
ok, this is weird. Let's start from the start, and go through all of the other things that could be the problem. SSL first, since between 239 and 249 there were a lot of SSL code changes. Go and disable the SSL in your LDAP server (well, make sure it accepts non-SSL connections on localhost, test it with ldapsearch first). /etc/ldap.conf: base dc=domain,dc=com suffix "dc=domain,dc=com" uri ldap://127.0.0.1/ rootbinddn cn=Manager,dc=domain,dc=com pam_password exop pam_filter objectclass=posixAccount pam_login_attribute uid pam_member_attribute memberuid nss_base_hosts ou=Hosts,dc=domain,dc=com nss_base_passwd dc=domain,dc=com?sub nss_base_shadow dc=domain,dc=com?sub nss_base_group ou=Groups,dc=domain,dc=com?one # no SSL lines should exist
I can confirm nss_ldap-250 works without ssl. Note: the "ssl on" directive in /etc/ldap.conf will also make the non ssl server unreachable for nss_ldap. Version 239 did not suffer from this. I haven't investigated how to configure /etc/ldap.conf to have a successfull ssl setup.
Shane: Can you confirm that turning off SSL makes the problem go away? Please tell me, and then follow these instructions that I laid out for Harm below. Harm: Try these instead of any other SSL lines you have: # notice the url is 'ldap', not ldaps. # we want to use the TLS protocols. uri ldap://.... ssl start_tls tls_checkpeer no tls_ciphers TLSv1 # figure out the correct one for your system #tls_cacertfile /etc/ssl/ca.cert #tls_cacertdir /etc/ssl/certs #tls_cacertdir /etc/openldap/ssl/
With the tls directives it works fine, the problem is limited to the "ssl on" directive. The startup problem however has not been solved, I didn't check this before. I've been playing with a debug compile of nss_ldap and the slapd debug option. It seems version 249 and 250 have a much higher retry limit then version 239 did. 239 would give up after one failed attempt, 249/250 will retry 14 times and continually increases the interval the last 5 attempts (Which can be seen in the other logs that have been posted). Only after nss_ldap is done will the server succesfully start. And once the server is started I have no problems with nss_ldap-250. The openldap server and nss_ldap client are on the same system, which contributes to the problem. Somehow a nss_ldap lookup is needed for the server to start, even though the ldap account/group is stored in the system files. In my nsswitch.conf I use "files ldap" for the passwd, shadow and group directives. My /etc/pam.d/system-auth is still the default, so the startup problem might come from a bad pam/nsswitch configuration.
Starting from nss_ldap-241 there are 4 undocumented configuration directives to control the reconnect times. These are (with their default values): nss_reconnect_tries 5 nss_reconnect_sleeptime 4 nss_reconnect_maxsleeptime 64 nss_reconnect_maxconntries 2 Also starting from version 241 the reconnect logic changed which made nss_ldap actually use these values (from what I can understand from the code is that 239 used to default to a soft reconnect policy and give up after 1 try, but it could be I didn't get the logic right) This setting can be controlled by setting 'bind_policy soft', but it has been said this is not desireable. See http://bugs.gentoo.org/show_bug.cgi?id=99564#c42 So at this point all we can do is specify how long we are willing to wait. Some examples cause the logic for this is pretty obscure. nss_reconnect_tries 4 nss_reconnect_sleeptime 4 nss_reconnect_maxconntries 0 These settings will give 4 retries with intervals of 4, 8 and 16 seconds. nss_reconnect_tries 0 nss_reconnect_maxconntries 4 These settings will give 4 retries without any intervals. Note these are retries per lookup! For more details start looking at line 2480 of ldap-nss.c
I misunderstood part of the logic, updated example: nss_reconnect_tries 4 nss_reconnect_sleeptime 4 nss_reconnect_maxconntries 0 What this acutally does is this: wait 4 seconds try to connect wait 8 seconds try to connect wait 16 seconds try to connect wait 32 seconds try to connect I think the logic needs to be revised, but untill it does make sure nss_reconnect_maxconntries>0 so you don't enter the interval state from the start :D
Hi, i have the some results here, update to 249 brought me this: while booting udevd is hanging wiht the following error message: Booting .... NET: Registered protocol family 17 Using IPI Shortcut mode ReiserFS: sda1: found reiserfs format "3.6" with standard journal ReiserFS: sda1: using ordered data mode ReiserFS: sda1: journal params: device sda1, size 8192, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30 ReiserFS: sda1: checking transaction log (sda1) ReiserFS: sda1: Using r5 hash to sort names VFS: Mounted root (reiserfs filesystem). Freeing unused kernel memory: 128k freed INIT: version 2.86 booting Gentoo Linux; http://www.gentoo.org/ Copyright 1999-2005 Gentoo Foundation; Distributed under the GPLv2 * Mounting proc at /proc ... [ ok ] * Mounting sysfs at /sys ... [ ok ] * Mounting /dev for udev ... [ ok ] * Populating /dev with saved device nodes ... [ ok ] * Seeding /dev with needed nodes ... [ ok ] * Setting up proper hotplug agent ... * Using netlink for hotplug events... [ ok ] * Starting udevd ...udevd[265]: nss_ldap: failed to bind to LDAP server ldap://defiant.hierling.loc/: Can't contact LDAP server udevd[265]: nss_ldap: failed to bind to LDAP server ldap://defiant.hierling.loc/: Can't contact LDAP server udevd[265]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)... udevd[265]: nss_ldap: failed to bind to LDAP server ldap://defiant.hierling.loc/: Can't contact LDAP server udevd[265]: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)... udevd[265]: nss_ldap: failed to bind to LDAP server ldap://defiant.hierling.loc/: Can't contact LDAP server udevd[265]: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)... udevd[265]: nss_ldap: failed to bind to LDAP server ldap://defiant.hierling.loc/: Can't contact LDAP server udevd[265]: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)... udevd[265]: nss_ldap: failed to bind to LDAP server ldap://defiant.hierling.loc/: Can't contact LDAP server udevd[265]: nss_ldap: reconnecting to LDAP server (sleeping 64 seconds)... udevd[265]: nss_ldap: failed to bind to LDAP server ldap://defiant.hierling.loc/: Can't contact LDAP server udevd[265]: nss_ldap: could not search LDAP server - Server is unavailable udevd[265]: nss_ldap: failed to bind to LDAP server ldap://defiant.hierling.loc/: Can't contact LDAP server udevd[265]: nss_ldap: failed to bind to LDAP server ldap://defiant.hierling.loc/: Can't contact LDAP server udevd[265]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)... udevd[265]: nss_ldap: failed to bind to LDAP server ldap://defiant.hierling.loc/: Can't contact LDAP server udevd[265]: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)... udevd[265]: nss_ldap: failed to bind to LDAP server ldap://defiant.hierling.loc/: Can't contact LDAP server udevd[265]: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)... udevd[265]: nss_ldap: failed to bind to LDAP server ldap://defiant.hierling.loc/: Can't contact LDAP server udevd[265]: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)... udevd[265]: nss_ldap: failed to bind to LDAP server ldap://defiant.hierling.loc/: Can't contact LDAP server udevd[265]: nss_ldap: reconnecting to LDAP server (sleeping 64 seconds)... udevd[265]: nss_ldap: failed to bind to LDAP server ldap://defiant.hierling.loc/: Can't contact LDAP server udevd[265]: nss_ldap: could not search LDAP server - Server is unavailable [ ok ] * Populating /dev with existing devices through uevents ... [ ok ] * Letting udev process events ... [ ok ] * Finializing udev configuration ... [ ok ] * Mounting devpts at /dev/pts ... [ ok ] * Activating (possible) swap ...Adding 409592k swap on /dev/sda2. Priority:-1 extents:1 across:409592k after that it (the server) starts up but behavior is like described by Shane. But what the hess has udevd to to with ldap? i cant reach the server, the network is down .... ? regards Martin
btw, reverting back to 239-r1 is working ...
For those coming here, please put these entries in your ldap.conf, to get closer to the old timeout behavior. nss_reconnect_tries 0 nss_reconnect_maxconntries 4 nss_reconnect_sleeptime 1 nss_reconnect_maxsleeptime 4
that is working but the error messages are still ugly during the boot process. btw, again, what has udev to do with nss_ldap? Any links to docs why ...?
- udev does nss lookups to find out what uid/gid numbers are represented by each usrename/groupname in it's configuration. - nsswitch.conf tells the system where to look for the nss data. - this problem isn't limited to nss_ldap either, somebody just complained to me about the mysql nss having a similar problem. if you look at bug 99564, you'll see the tracking of the udev issue.
250-r1 is in the tree, and documents the timeout stuff, as well as using much shorter values by default. I'm working on the SSL stuff seperately.
(In reply to comment #15) > For those coming here, please put these entries in your ldap.conf, to get > closer to the old timeout behavior. > > nss_reconnect_tries 0 > nss_reconnect_maxconntries 4 > nss_reconnect_sleeptime 1 > nss_reconnect_maxsleeptime 4 > I confirm this bug on my installation and confirm also that these lines correct the problem!