ntlm_auth: hex decode of 00 failed
Scott Pickles
scottpickles at yahoo.com
Thu Jul 30 18:55:23 CEST 2015
>>Executing: /usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --domain=%{%{mschap:NT-Domain}:-FESYSTEMSCOM} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}:
>>(0) ntlm_auth : EXPAND --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}
>>(0) ntlm_auth : --> --username=spickles
>>(0) ERROR: ntlm_auth : No NT-Domain was found in the User-Name
>>(0) ntlm_auth : EXPAND --domain=%{%{mschap:NT-Domain}:-FESYSTEMSCOM}
>>(0) ntlm_auth : --> --domain=FESYSTEMSCOM
>>(0) ERROR: ntlm_auth : No MS-CHAP-Challenge in the request
>>(0) ntlm_auth : EXPAND --challenge=%{%{mschap:Challenge}:-00}
>>(0) ntlm_auth : --> --challenge=00
>>(0) ERROR: ntlm_auth : No MS-CHAP-Response or MS-CHAP2-Response was found in the request
>>(0) ntlm_auth : EXPAND --nt-response=%{%{mschap:NT-Response}:-00}
>>(0) ntlm_auth : --> --nt-response=00
>>hex decode of 00 failed! (only got 1 bytes)
I ultimately want to use FreeRADIUS to authenticate user logins to my Cisco infrastructure, VPN connections to my ASA, and MS-PEAP for WiFi. Currently I'm just trying to run a test connection from my ASA firewall using the RADIUS test built in:
>>test aaa-server authorization RADIUS host 172.18.2.100 username spickles
I'm failing at the ntlm_auth portion above, and if I'm understanding it correctly it's because the test from the ASA is likely sending something like a PAP request as opposed to an MS-CHAP?
>>ERROR: ntlm_auth : No MS-CHAP-Challenge in the request
This is expected and the default is then '00' based on the setting 'ntlm_auth : EXPAND --challenge=%{%{mschap:Challenge}:-00}'. So I guess at this point I'm looking for some guidance on how I can make all of this work because the RADIUS test isn't going to send an MS-CHAP challenge. Do I need to modify the ntlm_auth configuration to include a 'password' option?
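A triage helper for the debug output quoted above, added here as an example and not part of the original post or of FreeRADIUS: it pairs each `EXPAND` line with its `-->` result and reports when `--challenge` or `--nt-response` fell back to its `:-` default or cannot decode to the size MS-CHAP defines. The function name `diagnose`, the sample text (constructed from the lines in the post) and the 8-byte and 24-byte sizes taken from MS-CHAP are assumptions of this example.

```python
import re

# Constructed sample: the relevant debug lines from the post, one per line.
SAMPLE_LOG = r"""
(0) ntlm_auth : EXPAND --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}
(0) ntlm_auth : --> --username=spickles
(0) ntlm_auth : EXPAND --domain=%{%{mschap:NT-Domain}:-FESYSTEMSCOM}
(0) ntlm_auth : --> --domain=FESYSTEMSCOM
(0) ntlm_auth : EXPAND --challenge=%{%{mschap:Challenge}:-00}
(0) ntlm_auth : --> --challenge=00
(0) ntlm_auth : EXPAND --nt-response=%{%{mschap:NT-Response}:-00}
(0) ntlm_auth : --> --nt-response=00
"""

# Assumption: sizes defined by MS-CHAP (8-byte challenge, 24-byte NT response).
EXPECTED_BYTES = {"challenge": 8, "nt-response": 24}

EXPAND_RE = re.compile(r"EXPAND --([\w-]+)=(.*)$")
RESULT_RE = re.compile(r"--> --([\w-]+)=(.*)$")
DEFAULT_RE = re.compile(r":-([^%{}]*)\}+$")  # literal after the last ':-'


def diagnose(log_text):
    """Return {option: [findings]} for hex options that ntlm_auth cannot use."""
    templates, findings = {}, {}
    for line in log_text.splitlines():
        m = EXPAND_RE.search(line)
        if m:
            templates[m.group(1)] = m.group(2)  # remember the unexpanded form
            continue
        m = RESULT_RE.search(line)
        if not m or m.group(1) not in EXPECTED_BYTES:
            continue
        opt, value = m.groups()
        found = []
        default = DEFAULT_RE.search(templates.get(opt, ""))
        if default and default.group(1) == value:
            found.append("fell back to default: attribute absent from request")
        try:
            got = len(bytes.fromhex(value))
            if got != EXPECTED_BYTES[opt]:
                found.append(f"decodes to {got} byte(s), need {EXPECTED_BYTES[opt]}")
        except ValueError:
            found.append("not valid hex")
        if found:
            findings[opt] = found
    return findings
```

Run over the sample, it flags both `challenge` and `nt-response` as defaulted one-byte values, which matches the `only got 1 bytes` message in the log.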