simplified the difference between proxying Radius to NPS and authenticate locally is the following.
If you use proxy all auth request are forwarded to the NPS and the NPS make the decision who comes in and what information's (e. g. radios attributes) are sent back to the client. But NAC can overwrite the information sent back to the client if needed!
If you use NAC as Radius, NAC make the decision who comes in and sent back all radius attributes for authorization. But the NAC can ask a directory like AD to do the correct decision.
Here are a lot of good informations how you can use NAC as Radius and ask the AD for more information.
In my opinion you are more flexible if you do the authentication and authorization direct on the NAC and you have not to ask a Windows Server admin for support.
But there are situation the proxy solution is more beneficial.