1.1.3 is not latest available for CentoOS:
Understood. I meant it was the latest version the package manager would grab for me.
You are using EAP-TTLS/MS-CHAP with system (crypted) passwords. It's impossible:
http://deployingradius.com/documents/protocols/compatibility.html
You can use EAP-TTLS/PAP with them. Thanks. That's the exactly the missing piece I needed. I can see how to change the inside protocol on TTLS to PAP, at least on OS X.
To do same with windows you will need something like SecureW2 or wpa_supplicant.
In the meantime, I managed to make a new mess. I accidentally ran radiusd without the -X option and couldn't figure out how to "properly" stop it so I just killed the process. Now when I run radiusd -X, it claims to be listening on 1812 and 1813, but nmap says it isn't and I can't get a telnet connection off either port. My firewall config hasn't changed, but just for good measure I turned iptables off completely and still get the same results... Anyone seen this particular mistake before?
Oh yes. I have left the debug running and closed the console window plenty of times. killall radiusd should do it. Ivan Kalik