diff --git a/roles/samba-dc/templates/smb.conf.j2 b/roles/samba-dc/templates/smb.conf.j2
index b66941e..6feb5d8 100644
--- a/roles/samba-dc/templates/smb.conf.j2
+++ b/roles/samba-dc/templates/smb.conf.j2
@@ -11,6 +11,15 @@
 	template homedir = {{ winbind_template_homedir }}
 	template shell = /bin/bash
 
+{% if samba_tls_enabled|bool %}
+	tls enabled = yes
+	tls keyfile = {{ samba_tls_keyfile }}
+	tls certfile = {{ samba_tls_certfile }}
+{% if samba_tls_cafile is defined %}
+	tls cafile = {{ samba_tls_cafile }}
+{% endif %}
+{% endif %}
+
 [netlogon]
 	path = /var/lib/samba/sysvol/{{ krb5_realm|lower }}/scripts
 	read only = No