diff --git a/src/tests/system/tests/test_sudo.py b/src/tests/system/tests/test_sudo.py
index 3afe86f3f49..587fd9ae857 100644
--- a/src/tests/system/tests/test_sudo.py
+++ b/src/tests/system/tests/test_sudo.py
@@ -556,3 +556,39 @@ def test_sudo__local_users_negative_cache(client: Client, provider: LDAP, sssd_s
 result = client.tools.tshark(["-r", "/tmp/sssd.pcap", "-V", "-2", "-R", "ldap.filter"])
 assert "uid=user-1" not in result.stdout
+
+
+
+@pytest.mark.importance("critical")
+@pytest.mark.authorization
+@pytest.mark.topology(KnownTopologyGroup.AnyProvider)
+@pytest.mark.parametrize("sssd_service_user", ("root", "sssd"))
+@pytest.mark.require(
+ lambda client, sssd_service_user: ((sssd_service_user == "root") or client.features["non-privileged"]),
+ "SSSD was built without support for running under non-root",
+)
+def test_sudo__defaults_rule(client: Client, provider: GenericProvider, sssd_service_user: str):
+ """
+ :title: Defautls rule behavior
+ :setup:
+ 1. Create user "user-1"
+ 2. Create sudorule named default with option '!authenticate'
+ 3. Enable SSSD sudo responder
+ 4. Start SSSD
+ :steps:
+ 1. List sudo rules for "user-1"
+ 2. Run "sudo /bin/ls root" as user-1
+ :expectedresults:
+ 1. User is able to run sudo commands on client
+ 2. Command is successful
+ :customerscenario: False
+ """
+ u = provider.user("user-1").add()
+ provider.sudorule("defaults").add(option="!authenticate", command="/bin/ls")
+
+ client.sssd.set_service_user(sssd_service_user)
+ client.sssd.common.sudo()
+ client.sssd.start()
+
+ assert client.auth.sudo.list("user-1", expected=["(root) /bin/ls"])
+ assert client.auth.sudo.list("user-1", "Secret123", expected=["(root) /bin/ls"])
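Review bot: The docstring's step 2 (run `/bin/ls` through sudo as user-1) is never exercised in `test_sudo__defaults_rule`: the body ends with two `client.auth.sudo.list(...)` calls, and the second one, which supplies "Secret123", passes whether or not `!authenticate` is honoured, so only the password-less listing actually checks the option. Replacing the last assertion with `assert client.auth.sudo.run("user-1", command="/bin/ls /root")` would cover the promised step and show that the command runs without a password. The `defaults` entry also carries `command="/bin/ls"` and is the only rule created, so the expected `(root) /bin/ls` appears to come from the defaults entry itself; if the goal is to check that a defaults option applies to ordinary rules, a separate rule for user-1 would make that explicit, which is worth confirming against the provider's behaviour. Minor: `u` is assigned but never used, and the title reads "Defautls".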