1.1.3 is not latest available for CentoOS:
Understood. I meant it was the latest version the package manager would grab for me.
You are using EAP-TTLS/MS-CHAP with system (crypted) passwords. It's impossible:
http://deployingradius.com/documents/protocols/compatibility.html
You can use EAP-TTLS/PAP with them. Thanks. That's the exactly the missing piece I needed. I can see how to change the inside protocol on TTLS to PAP, at least on OS X.
Don't post configuration files. We know what's in them from the debug. Apologies. Wasn't sure on the etiquette there.
In the meantime, I managed to make a new mess. I accidentally ran radiusd without the -X option and couldn't figure out how to "properly" stop it so I just killed the process. Now when I run radiusd -X, it claims to be listening on 1812 and 1813, but nmap says it isn't and I can't get a telnet connection off either port. My firewall config hasn't changed, but just for good measure I turned iptables off completely and still get the same results... Anyone seen this particular mistake before?