Try below search (It is ugly because of join) but I think it will give you a result.
index=_audit host=<your host> action="login attempt" | fields user, action, info, src | join type=left user [| rest /services/authentication/users splunk_server=local f=title f=type | rename title as user | fields user, type ] | table user, type, action, info, src
Yes, query which I have provided will give you type if that user exist in splunk, it it does not exist then it will give you blank.
With the app https://splunkbase.splunk.com/app/1866/
i was able to get one of the dashboards which displayed what i wanted,
Name: Users by authentication type
| rest splunk_server=local /services/authentication/users | stats count by type