diff --git a/roles/common/tasks/utils.yml b/roles/common/tasks/utils.yml
index 268ae60..94d1348 100644
--- a/roles/common/tasks/utils.yml
+++ b/roles/common/tasks/utils.yml
@@ -5,6 +5,10 @@
     name: "{{ system_utils }} + {{ system_utils_el }}"
   when: ansible_os_family == 'RedHat'
 
+- name: Strip unsupported packages
+  set_fact: system_utils={{ system_utils | difference(['zstd']) }}
+  when: ansible_distribution == 'Debian' and ansible_distribution_major_version is version('9', '<')
+
 - name: Install common utilities
   apt:
     name: "{{ system_utils }} + {{ system_utils_deb }}"
diff --git a/roles/sssd_ldap_auth/tasks/install_Debian.yml b/roles/sssd_ldap_auth/tasks/install_Debian.yml
index 3cb59aa..c5ac89d 100644
--- a/roles/sssd_ldap_auth/tasks/install_Debian.yml
+++ b/roles/sssd_ldap_auth/tasks/install_Debian.yml
@@ -6,7 +6,12 @@
       - sssd
       - libnss-sss
       - libpam-sss
-      - oddjob-mkhomedir
       - ca-certificates
+
+- name: Install oddjob-mkhomedir
+  apt:
+    name:
+      - oddjob-mkhomedir
+  when: ansible_distribution_major_version is version('9', '>=')
   notify: restart oddjobd
 
diff --git a/roles/sssd_ldap_auth/tasks/main.yml b/roles/sssd_ldap_auth/tasks/main.yml
index bbee659..953ad43 100644
--- a/roles/sssd_ldap_auth/tasks/main.yml
+++ b/roles/sssd_ldap_auth/tasks/main.yml
@@ -19,10 +19,11 @@
     - regexp: '^group:.*'
       line: 'group:      files sss'
 
-- name: Start and enable sssd services
-  service: name={{ item }} state=started enabled=yes
-  with_items:
-    - sssd
-    - oddjobd
+- name: Start and enable sssd service
+  service: name=sssd state=started enabled=True
+
+- name: Start oddjobd
+  service: name=oddjobd state=started enabled=True
+  when: ansible_distribution != 'Debian' or ansible_distribution_major_version is version('9', '>=')
 
 - include_tasks: pam_{{ ansible_os_family }}.yml
diff --git a/roles/sssd_ldap_auth/templates/deb_pam_common_session.j2 b/roles/sssd_ldap_auth/templates/deb_pam_common_session.j2
index ca57a4c..32f9f5d 100644
--- a/roles/sssd_ldap_auth/templates/deb_pam_common_session.j2
+++ b/roles/sssd_ldap_auth/templates/deb_pam_common_session.j2
@@ -1,6 +1,10 @@
 session [default=1]   pam_permit.so
 session requisite     pam_deny.so
 session required      pam_permit.so
+{% if ansible_distribution_major_version is version('9', '>=') %}
 session optional      pam_oddjob_mkhomedir.so skel=/etc/skel umask=0077
+{% else %}
+session optional      pam_mkhomedir.so kel=/etc/skel umask=0077
+{% endif %}
 session optional      pam_sss.so
 session required      pam_unix.so