Authenticate sudo with idp

jleomcdo
Contributor

I am trying to figure out a way to authenticate my AD admin user accounts while doing 'su' or 'sudo' commands (or even unlocking the System Pref). Our Macs are bound to AD and we add a few AD groups to the local admin group. This is set up and working while the Mac is on-network (and has been for years). We can run sudo with an AD admin account while on-net and it can reach the AD servers to auth.

My goal is to be able to do this while the Mac is at home / off network.

We do use Jamf Connect with PingFederate, so I'm thinking there should be a way to do this. I'm just not sure how to get the pam.d to go to Jamf Connect while trying to auth our admin account.

Anyone out there done anything like this?
