You can absolutely use both EAP methods on the same ClearPass server and even the same SSID.
What you'd want to do is create a service just for EAP-PEAP to handle the username/password authentication. This will require uploading a new (or if you have the private key, the old from NPS) RADIUS server certificate to ClearPass. This will serve as the server's identity in the PEAP process.
In your PEAP service, you can check for Machine Authenticationm, FQDN, etc and then let everything else fall through to OnBoard registration.
Here's an example of the service rules to separate the two methods: