¡Welcome to the JavaRanch, Ignacio!
I'm out of practice on the various cifs mechanisms for Java, but I can try.
First, NEVER put a jar both in the TOMCAT_HOME/lib
and WEB-INF/lib directories. Put it one place or the other (assuming it's safe for TOMCAT_HOME/lib), but never both or you risk having bizarre classpath problems.
The best place to set a JVM-level property in Tomcat is via its JAVA_OPTS, which you can set in the setenv.bat or setenv.sh file you add to TOMCAT_HOME/bin. However, I'm not sure if this particular setting is appropriate at the JVM level or not. As a general rule,
you should avoid JVM-level properties, since they're inherited by all components and applications in the Tomcat server (although sometimes they should be!)
The jespa system is an authentication system. The preferred way to authenticate in
J2EE is to let the container (Tomcat) manage it, using a plugin-in Security Realm. There should be a jespa Realm module available somewhere and that would almost certainly eliminate the confusion about configuration, not to mention being more secure than using user-written security code.
As far as jespa's interaction with CIFS in such a situation, I'm not certain, although as a general rule I don't like putting system-specific file references in web applications anyway. It limits their flexibility. My preference would be to use an NTLM share drive and treat it like an ordinary file/directory.
Incidentally, it's considered polite to inform us when you post the same question in other forums. Things can get confusing otherwise.