diff --git a/playbooks/nas.yml b/playbooks/nas.yml
index 6366b15..5f2002e 100644
--- a/playbooks/nas.yml
+++ b/playbooks/nas.yml
@@ -11,5 +11,26 @@
 roles:
 - base
+ - kerberos/client
+ - ldap/client
+ - ldap/nss
 - nfs-server
 - zfs
+ - role: kerberos/keytab
+ principals: "nfs/{{ inventory_hostname }}@FOO.SH"
+
+ tasks:
+ - name: copy exports file
+ copy:
+ dest: /etc/exports
+ content: |
+ /export/home 172.20.30.0/24(rw,root_squash,secure,sec=krb5p) \
+ @nfsclients-rw(rw,root_squash,secure) \
+ @nfsclients-ro(ro,root_squash,secure)
+ /export/roles 172.20.30.0/24(rw,root_squash,secure,sec=krb5p) \
+ @nfsclients-rw(rw,root_squash,secure) \
+ @nfsclients-ro(ro,root_squash,secure)
+ mode: 0644
+ owner: root
+ group: "{{ ansible_wheel }}"
+ notify: restart nfs-server
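Review bot: The `@nfsclients-rw` and `@nfsclients-ro` entries in the new `/etc/exports` content carry no `sec=` option, so, assuming Linux exports(5) semantics where the default flavour is `sys`, those netgroups would be served with AUTH_SYS: client-asserted UIDs and no authentication, integrity or encryption, with read-write access to `/export/home` and `/export/roles` for the rw group. That undercuts the `sec=krb5p` subnet entry and the `kerberos/keytab` role added in the same hunk; if Kerberos is meant to be mandatory, each netgroup entry should read `@nfsclients-rw(rw,root_squash,secure,sec=krb5p) \` (and likewise for `-ro`, on both exports). If the AUTH_SYS netgroups are a deliberate legacy path, a comment above the `copy exports file` task should say so and name who controls netgroup membership. Separately, `mode: 0644` is safer quoted as `mode: "0644"` so the value does not depend on YAML octal parsing. The play header sits outside the hunk, so the target hosts are not visible here.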