diff --git a/roles/debian/files/pac.conf b/roles/debian/files/pac.conf
new file mode 100644
index 0000000..3756f0d
--- /dev/null
+++ b/roles/debian/files/pac.conf
@@ -0,0 +1,2 @@
+[sssd]
+implicit_pac_responder = false
diff --git a/roles/debian/tasks/main.yml b/roles/debian/tasks/main.yml
index a5b3d3c..b848c3e 100644
--- a/roles/debian/tasks/main.yml
+++ b/roles/debian/tasks/main.yml
@@ -32,3 +32,4 @@
 - import_tasks: gdm.yml
 - import_tasks: podman.yml
 - import_tasks: sysctl.yml
+- import_tasks: sssd.yml
diff --git a/roles/debian/tasks/sssd.yml b/roles/debian/tasks/sssd.yml
new file mode 100644
index 0000000..b838a9b
--- /dev/null
+++ b/roles/debian/tasks/sssd.yml
@@ -0,0 +1,29 @@
+---
+# Copyright 2019-2025 Anthony Rose
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Check for /etc/sssd/conf.d
+  become: true
+  ansible.builtin.stat:
+    path: /etc/sssd/conf.d
+  register: sssd_conf_d
+- name: Disable implicit_pac_responder for sssd
+  become: true
+  ansible.builtin.copy:
+    src: pac.conf
+    dest: '/etc/sssd/conf.d/pac.conf'
+    owner: root
+    group: root
+    mode: '0600'
+  when: sssd_conf_d.stat.isdir is defined and sssd_conf_d.stat.isdir