We are experiencing issues configuring RADIUS authentication within Splunk. Despite following all required steps and configurations, authentication via RADIUS is not working as expected, and users are unable to authenticate through the RADIUS server.

- Installed radius client on splunk machine and configure the radiusclient.conf file with radius server data
- Updated the authentication.conf file located in $SPLUNK_HOME/etc/system/local/, as well as updates to web.confto support RADIUS authentication requests in Splunk Web.
- Used the radtest tool to validate the connection between the Splunk RADIUS client

- Monitored the Splunk authentication logs in $SPLUNK_HOME/var/log/splunk/splunkd.log to identify any errors, and consistently encountered the following error: Could not find [externalTwoFactorAuthSettings] in authentication stanza.
- Integrated radiusScripted.py to assist with RADIUS authentication, configuring it to work with the authentication settings.
It appears that Splunk is unable to successfully authenticate with the RADIUS server, with repeated errors indicating missing configuration stanzas or settings that are not recognized.

Environment Details:

• Splunk Version: 9.1.5
• Authentication Configuration Files: authentication.conf, web.conf
• Additional Scripts: radiusScripted.py

Please advise on troubleshooting steps or configuration adjustments needed to resolve this issue. Any insights or documentation on RADIUS integration best practices with Splunk would be highly appreciated.

thanks