The communication between ClearPass and Active Directory is LDAP (or LDAPS). User information like group membership, full name, department, etc is pulled over this LDAP, so it's mostly Authorization information.
If you are doing EAP-PEAP-MSCHAPv2 authentication (username/password integrated with AD), just for that authentication part Kerberos is used and that is why ClearPass in such case has to join the domain. For EAP-TLS or non-802.1X authentication like Captive Portal or admin login, join is not needed and Kerberos is not used, just LDAP(S) in that case.
No RADIUS needed between ClearPass and AD.