That was a confusing statement.....
When you add a authentication source profile in a AD environment, It uses that for only LDAP; ie Username lookup, attribute lookup.
When you join CPPM to 'a' domain; It uses the domain configuration for authentication; The settings in the authentication source profile is not what is used for the actual handling of Authentication. For that we rely on winbind to fetch the domain configuration (domain name, netbios name, and trusted domain);
We then use DNS to resolve the local ad server and set that as the password server.
The settings in the authentication profile do not over ride this.
This is why when you configure an authentication source with out joining to AD you get error messages about mschapv2 responces being incorrect.
The only way to over ride this is to use the password server configuration in the SMB_<domain>.conf; which we didn't expose to end users until 6.1.1 with the password server CLI configuration command.
This is the ONLY way to override the settings we got from the domain lookups during the initial joining of CPPM to the domain.
Hope this clarifies a bit.